2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[[webflux-testing-oauth2]]
							 
						 
					
						
							
								
									
										
										
										
											2021-10-29 10:09:04 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								= Testing OAuth 2.0
							 
						 
					
						
							
								
									
										
										
										
											2019-09-17 18:06:50 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-10-29 10:09:04 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								When it comes to OAuth 2.0, xref:reactive/test/method.adoc#test-erms[the same principles covered earlier still apply]: Ultimately, it depends on what your method under test is expecting to be in the `SecurityContextHolder`.
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-12-13 16:57:36 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Consider the following example of a controller:
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[tabs]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Java::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,java,role="primary"]
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								@GetMapping("/endpoint")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								public Mono<String> foo(Principal user) {
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    return Mono.just(user.getName());
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								}
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Kotlin::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,kotlin,role="secondary"]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								@GetMapping("/endpoint")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								fun foo(user: Principal): Mono<String> {
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    return Mono.just(user.name)
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								}
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-12-13 16:57:36 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Nothing about it is OAuth2-specific, so you can xref:reactive/test/method.adoc#test-erms[use `@WithMockUser`] and be fine.
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-12-13 16:57:36 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								However, consider a case where your controller is bound to some aspect of Spring Security's OAuth 2.0 support:
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[tabs]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Java::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,java,role="primary"]
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								@GetMapping("/endpoint")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								public Mono<String> foo(@AuthenticationPrincipal OidcUser user) {
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    return Mono.just(user.getIdToken().getSubject());
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								}
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Kotlin::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,kotlin,role="secondary"]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								@GetMapping("/endpoint")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								fun foo(@AuthenticationPrincipal user: OidcUser): Mono<String> {
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    return Mono.just(user.idToken.subject)
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								}
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								In that case, Spring Security's test support is handy.
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								[[webflux-testing-oidc-login]]
							 
						 
					
						
							
								
									
										
										
										
											2021-10-29 10:09:04 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								== Testing OIDC Login
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Testing the method shown in the <<webflux-testing-oauth2,preceding section>> with `WebTestClient` requires simulating some kind of grant flow with an authorization server.
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								This is a daunting task, which is why Spring Security ships with support for removing this boilerplate.
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								For example, we can tell Spring Security to include a default `OidcUser` by using the `SecurityMockServerConfigurers#oidcLogin` method:
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[tabs]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Java::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,java,role="primary"]
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .mutateWith(mockOidcLogin()).get().uri("/endpoint").exchange();
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Kotlin::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,kotlin,role="secondary"]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .mutateWith(mockOidcLogin())
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .get().uri("/endpoint")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .exchange()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								That line configures the associated `MockServerRequest` with an `OidcUser` that includes a simple `OidcIdToken`, an `OidcUserInfo`, and a `Collection` of granted authorities.
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Specifically, it includes an `OidcIdToken` with a `sub` claim set to `user`:
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[tabs]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Java::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,java,role="primary"]
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								assertThat(user.getIdToken().getClaim("sub")).isEqualTo("user");
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Kotlin::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,kotlin,role="secondary"]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								assertThat(user.idToken.getClaim<String>("sub")).isEqualTo("user")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								It also includes an `OidcUserInfo` with no claims set:
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[tabs]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Java::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,java,role="primary"]
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								assertThat(user.getUserInfo().getClaims()).isEmpty();
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Kotlin::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,kotlin,role="secondary"]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								assertThat(user.userInfo.claims).isEmpty()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								It also includes a `Collection` of authorities with just one authority, `SCOPE_read`:
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[tabs]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Java::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,java,role="primary"]
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								assertThat(user.getAuthorities()).hasSize(1);
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								assertThat(user.getAuthorities()).containsExactly(new SimpleGrantedAuthority("SCOPE_read"));
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Kotlin::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,kotlin,role="secondary"]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								assertThat(user.authorities).hasSize(1)
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								assertThat(user.authorities).containsExactly(SimpleGrantedAuthority("SCOPE_read"))
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-12-13 16:57:36 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Spring Security makes sure that the `OidcUser` instance is available forxref:servlet/integrations/mvc.adoc#mvc-authentication-principal[the `@AuthenticationPrincipal` annotation].
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Further, it also links the `OidcUser` to a simple instance of `OAuth2AuthorizedClient` that it deposits into a mock `ServerOAuth2AuthorizedClientRepository`.
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								This can be handy if your tests <<webflux-testing-oauth2-client,use the `@RegisteredOAuth2AuthorizedClient` annotation>>..
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								[[webflux-testing-oidc-login-authorities]]
							 
						 
					
						
							
								
									
										
										
										
											2021-10-29 10:09:04 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								=== Configuring Authorities
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								In many circumstances, your method is protected by filter or method security and needs your `Authentication` to have certain granted authorities to allow the request.
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								In those cases, you can supply what granted authorities you need by using the `authorities()` method:
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[tabs]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Java::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,java,role="primary"]
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .mutateWith(mockOidcLogin()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								        .authorities(new SimpleGrantedAuthority("SCOPE_message:read"))
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    )
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .get().uri("/endpoint").exchange();
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Kotlin::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,kotlin,role="secondary"]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .mutateWith(mockOidcLogin()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								        .authorities(SimpleGrantedAuthority("SCOPE_message:read"))
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    )
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .get().uri("/endpoint").exchange()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[[webflux-testing-oidc-login-claims]]
							 
						 
					
						
							
								
									
										
										
										
											2021-10-29 10:09:04 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								=== Configuring Claims
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								While granted authorities are common across all of Spring Security, we also have claims in the case of OAuth 2.0.
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Suppose, for example, that you have a `user_id` claim that indicates the user's ID in your system.
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								You might access it as follows in a controller:
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[tabs]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Java::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,java,role="primary"]
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								@GetMapping("/endpoint")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								public Mono<String> foo(@AuthenticationPrincipal OidcUser oidcUser) {
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    String userId = oidcUser.getIdToken().getClaim("user_id");
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    // ...
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								}
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Kotlin::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,kotlin,role="secondary"]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								@GetMapping("/endpoint")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								fun foo(@AuthenticationPrincipal oidcUser: OidcUser): Mono<String> {
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    val userId = oidcUser.idToken.getClaim<String>("user_id")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    // ...
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								}
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								In that case, you can specify that claim with the `idToken()` method:
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[tabs]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Java::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,java,role="primary"]
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .mutateWith(mockOidcLogin()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								        .idToken(token -> token.claim("user_id", "1234"))
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    )
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .get().uri("/endpoint").exchange();
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Kotlin::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,kotlin,role="secondary"]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .mutateWith(mockOidcLogin()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								        .idToken { token -> token.claim("user_id", "1234") }
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    )
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .get().uri("/endpoint").exchange()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								That works because `OidcUser` collects its claims from `OidcIdToken`.
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								[[webflux-testing-oidc-login-user]]
							 
						 
					
						
							
								
									
										
										
										
											2021-10-29 10:09:04 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								=== Additional Configurations
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								There are additional methods, too, for further configuring the authentication, depending on what data your controller expects:
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								* `userInfo(OidcUserInfo.Builder)`: Configures the `OidcUserInfo` instance
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								* `clientRegistration(ClientRegistration)`: Configures the associated `OAuth2AuthorizedClient` with a given `ClientRegistration`
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								* `oidcUser(OidcUser)`: Configures the complete `OidcUser` instance
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								That last one is handy if you:
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								* Have your own implementation of `OidcUser` or
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								* Need to change the name attribute
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								For example, suppose that your authorization server sends the principal name in the `user_name` claim instead of the `sub` claim.
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								In that case, you can configure an `OidcUser` by hand:
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[tabs]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Java::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,java,role="primary"]
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								OidcUser oidcUser = new DefaultOidcUser(
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								        AuthorityUtils.createAuthorityList("SCOPE_message:read"),
							 
						 
					
						
							
								
									
										
										
										
											2021-06-18 13:12:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								        OidcIdToken.withTokenValue("id-token").claim("user_name", "foo_user").build(),
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								        "user_name");
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .mutateWith(mockOidcLogin().oidcUser(oidcUser))
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .get().uri("/endpoint").exchange();
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Kotlin::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,kotlin,role="secondary"]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								val oidcUser: OidcUser = DefaultOidcUser(
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    AuthorityUtils.createAuthorityList("SCOPE_message:read"),
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    OidcIdToken.withTokenValue("id-token").claim("user_name", "foo_user").build(),
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    "user_name"
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								)
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .mutateWith(mockOidcLogin().oidcUser(oidcUser))
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .get().uri("/endpoint").exchange()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[[webflux-testing-oauth2-login]]
							 
						 
					
						
							
								
									
										
										
										
											2021-10-29 10:09:04 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								== Testing OAuth 2.0 Login
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								As with <<webflux-testing-oidc-login,testing OIDC login>>, testing OAuth 2.0 Login presents a similar challenge: mocking a grant flow.
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Because of that, Spring Security also has test support for non-OIDC use cases.
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Suppose that we have a controller that gets the logged-in user as an `OAuth2User`:
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[tabs]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Java::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,java,role="primary"]
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								@GetMapping("/endpoint")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								public Mono<String> foo(@AuthenticationPrincipal OAuth2User oauth2User) {
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    return Mono.just(oauth2User.getAttribute("sub"));
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								}
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Kotlin::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,kotlin,role="secondary"]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								@GetMapping("/endpoint")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								fun foo(@AuthenticationPrincipal oauth2User: OAuth2User): Mono<String> {
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    return Mono.just(oauth2User.getAttribute("sub"))
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								}
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								In that case, we can tell Spring Security to include a default `OAuth2User` by using the `SecurityMockServerConfigurers#oauth2User` method:
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[tabs]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Java::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,java,role="primary"]
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .mutateWith(mockOAuth2Login())
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .get().uri("/endpoint").exchange();
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Kotlin::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,kotlin,role="secondary"]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .mutateWith(mockOAuth2Login())
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .get().uri("/endpoint").exchange()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								The preceding example configures the associated `MockServerRequest` with an `OAuth2User` that includes a simple `Map` of attributes and a `Collection` of granted authorities.
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Specifically, it includes a `Map` with a key/value pair of `sub`/`user`:
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[tabs]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Java::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,java,role="primary"]
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								assertThat((String) user.getAttribute("sub")).isEqualTo("user");
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Kotlin::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,kotlin,role="secondary"]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								assertThat(user.getAttribute<String>("sub")).isEqualTo("user")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								It also includes a `Collection` of authorities with just one authority, `SCOPE_read`:
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[tabs]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Java::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,java,role="primary"]
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								assertThat(user.getAuthorities()).hasSize(1);
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								assertThat(user.getAuthorities()).containsExactly(new SimpleGrantedAuthority("SCOPE_read"));
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Kotlin::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,kotlin,role="secondary"]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								assertThat(user.authorities).hasSize(1)
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								assertThat(user.authorities).containsExactly(SimpleGrantedAuthority("SCOPE_read"))
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-07-30 16:56:54 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Spring Security does the necessary work to make sure that the `OAuth2User` instance is available for xref:servlet/integrations/mvc.adoc#mvc-authentication-principal[the `@AuthenticationPrincipal` annotation].
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2020-05-27 16:22:58 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Further, it also links that `OAuth2User` to a simple instance of `OAuth2AuthorizedClient` that it deposits in a mock `ServerOAuth2AuthorizedClientRepository`.
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								This can be handy if your tests <<webflux-testing-oauth2-client,use the `@RegisteredOAuth2AuthorizedClient` annotation>>.
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								[[webflux-testing-oauth2-login-authorities]]
							 
						 
					
						
							
								
									
										
										
										
											2021-10-29 10:09:04 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								=== Configuring Authorities
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								In many circumstances, your method is protected by filter or method security and needs your `Authentication` to have certain granted authorities to allow the request.
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								In this case, you can supply the granted authorities you need by using the `authorities()` method:
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[tabs]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Java::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,java,role="primary"]
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .mutateWith(mockOAuth2Login()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								        .authorities(new SimpleGrantedAuthority("SCOPE_message:read"))
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    )
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .get().uri("/endpoint").exchange();
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Kotlin::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,kotlin,role="secondary"]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .mutateWith(mockOAuth2Login()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								        .authorities(SimpleGrantedAuthority("SCOPE_message:read"))
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    )
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .get().uri("/endpoint").exchange()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[[webflux-testing-oauth2-login-claims]]
							 
						 
					
						
							
								
									
										
										
										
											2021-10-29 10:09:04 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								=== Configuring Claims
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								While granted authorities are quite common across all of Spring Security, we also have claims in the case of OAuth 2.0.
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Suppose, for example, that you have a `user_id` attribute that indicates the user's ID in your system.
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								You might access it as follows in a controller:
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[tabs]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Java::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,java,role="primary"]
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								@GetMapping("/endpoint")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								public Mono<String> foo(@AuthenticationPrincipal OAuth2User oauth2User) {
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    String userId = oauth2User.getAttribute("user_id");
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    // ...
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								}
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Kotlin::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,kotlin,role="secondary"]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								@GetMapping("/endpoint")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								fun foo(@AuthenticationPrincipal oauth2User: OAuth2User): Mono<String> {
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    val userId = oauth2User.getAttribute<String>("user_id")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    // ...
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								}
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								In that case, you can specify that attribute with the `attributes()` method:
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[tabs]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Java::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,java,role="primary"]
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .mutateWith(mockOAuth2Login()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								        .attributes(attrs -> attrs.put("user_id", "1234"))
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    )
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .get().uri("/endpoint").exchange();
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Kotlin::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,kotlin,role="secondary"]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .mutateWith(mockOAuth2Login()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								        .attributes { attrs -> attrs["user_id"] = "1234" }
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    )
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .get().uri("/endpoint").exchange()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[[webflux-testing-oauth2-login-user]]
							 
						 
					
						
							
								
									
										
										
										
											2021-10-29 10:09:04 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								=== Additional Configurations
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								There are additional methods, too, for further configuring the authentication, depending on what data your controller expects:
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								* `clientRegistration(ClientRegistration)`: Configures the associated `OAuth2AuthorizedClient` with a given `ClientRegistration`
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								* `oauth2User(OAuth2User)`: Configures the complete `OAuth2User` instance
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								That last one is handy if you:
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								* Have your own implementation of `OAuth2User` or
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								* Need to change the name attribute
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								For example, suppose that your authorization server sends the principal name in the `user_name` claim instead of the `sub` claim.
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								In that case, you can configure an `OAuth2User` by hand:
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[tabs]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Java::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,java,role="primary"]
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								OAuth2User oauth2User = new DefaultOAuth2User(
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								        AuthorityUtils.createAuthorityList("SCOPE_message:read"),
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								        Collections.singletonMap("user_name", "foo_user"),
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								        "user_name");
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .mutateWith(mockOAuth2Login().oauth2User(oauth2User))
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .get().uri("/endpoint").exchange();
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Kotlin::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,kotlin,role="secondary"]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								val oauth2User: OAuth2User = DefaultOAuth2User(
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    AuthorityUtils.createAuthorityList("SCOPE_message:read"),
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    mapOf(Pair("user_name", "foo_user")),
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    "user_name"
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								)
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .mutateWith(mockOAuth2Login().oauth2User(oauth2User))
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .get().uri("/endpoint").exchange()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[[webflux-testing-oauth2-client]]
							 
						 
					
						
							
								
									
										
										
										
											2021-10-29 10:09:04 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								== Testing OAuth 2.0 Clients
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Independent of how your user authenticates, you may have other tokens and client registrations that are in play for the request you are testing.
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								For example, your controller may rely on the client credentials grant to get a token that is not associated with the user at all:
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[tabs]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Java::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,java,role="primary"]
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								@GetMapping("/endpoint")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								public Mono<String> foo(@RegisteredOAuth2AuthorizedClient("my-app") OAuth2AuthorizedClient authorizedClient) {
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    return this.webClient.get()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								        .attributes(oauth2AuthorizedClient(authorizedClient))
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								        .retrieve()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								        .bodyToMono(String.class);
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								}
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Kotlin::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,kotlin,role="secondary"]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								import org.springframework.web.reactive.function.client.bodyToMono
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								// ...
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								@GetMapping("/endpoint")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								fun foo(@RegisteredOAuth2AuthorizedClient("my-app") authorizedClient: OAuth2AuthorizedClient?): Mono<String> {
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    return this.webClient.get()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								        .attributes(oauth2AuthorizedClient(authorizedClient))
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								        .retrieve()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								        .bodyToMono()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								}
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Simulating this handshake with the authorization server can be cumbersome.
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Instead, you can use `SecurityMockServerConfigurers#oauth2Client` to add a `OAuth2AuthorizedClient` to a mock `ServerOAuth2AuthorizedClientRepository`:
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[tabs]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Java::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,java,role="primary"]
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .mutateWith(mockOAuth2Client("my-app"))
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .get().uri("/endpoint").exchange();
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Kotlin::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,kotlin,role="secondary"]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .mutateWith(mockOAuth2Client("my-app"))
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .get().uri("/endpoint").exchange()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								This creates an `OAuth2AuthorizedClient` that has a simple `ClientRegistration`, a `OAuth2AccessToken`, and a resource owner name.
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Specifically, it includes a `ClientRegistration` with a client ID of `test-client` and a client secret of `test-secret`:
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[tabs]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Java::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,java,role="primary"]
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								assertThat(authorizedClient.getClientRegistration().getClientId()).isEqualTo("test-client");
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								assertThat(authorizedClient.getClientRegistration().getClientSecret()).isEqualTo("test-secret");
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Kotlin::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,kotlin,role="secondary"]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								assertThat(authorizedClient.clientRegistration.clientId).isEqualTo("test-client")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								assertThat(authorizedClient.clientRegistration.clientSecret).isEqualTo("test-secret")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								It also includes a resource owner name of `user`:
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[tabs]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Java::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,java,role="primary"]
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								assertThat(authorizedClient.getPrincipalName()).isEqualTo("user");
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Kotlin::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,kotlin,role="secondary"]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								assertThat(authorizedClient.principalName).isEqualTo("user")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								It also includes an `OAuth2AccessToken` with one scope, `read`:
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[tabs]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Java::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,java,role="primary"]
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								assertThat(authorizedClient.getAccessToken().getScopes()).hasSize(1);
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								assertThat(authorizedClient.getAccessToken().getScopes()).containsExactly("read");
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Kotlin::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,kotlin,role="secondary"]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								assertThat(authorizedClient.accessToken.scopes).hasSize(1)
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								assertThat(authorizedClient.accessToken.scopes).containsExactly("read")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								You can then retrieve the client as usual by using `@RegisteredOAuth2AuthorizedClient` in a controller method.
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								[[webflux-testing-oauth2-client-scopes]]
							 
						 
					
						
							
								
									
										
										
										
											2021-10-29 10:09:04 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								=== Configuring Scopes
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								In many circumstances, the OAuth 2.0 access token comes with a set of scopes.
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Consider the following example of how a controller can inspect the scopes:
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[tabs]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Java::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,java,role="primary"]
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								@GetMapping("/endpoint")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								public Mono<String> foo(@RegisteredOAuth2AuthorizedClient("my-app") OAuth2AuthorizedClient authorizedClient) {
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    Set<String> scopes = authorizedClient.getAccessToken().getScopes();
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    if (scopes.contains("message:read")) {
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								        return this.webClient.get()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								            .attributes(oauth2AuthorizedClient(authorizedClient))
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								            .retrieve()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								            .bodyToMono(String.class);
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    }
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    // ...
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								}
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Kotlin::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,kotlin,role="secondary"]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								import org.springframework.web.reactive.function.client.bodyToMono
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								// ...
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								@GetMapping("/endpoint")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								fun foo(@RegisteredOAuth2AuthorizedClient("my-app") authorizedClient: OAuth2AuthorizedClient): Mono<String> {
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    val scopes = authorizedClient.accessToken.scopes
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    if (scopes.contains("message:read")) {
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								        return webClient.get()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								            .attributes(oauth2AuthorizedClient(authorizedClient))
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								            .retrieve()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								            .bodyToMono()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    }
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    // ...
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								}
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Given a controller that inspects scopes, you can configure the scope by using the `accessToken()` method:
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[tabs]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Java::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,java,role="primary"]
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .mutateWith(mockOAuth2Client("my-app")
							 
						 
					
						
							
								
									
										
										
										
											2021-06-18 13:12:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								        .accessToken(new OAuth2AccessToken(BEARER, "token", null, null, Collections.singleton("message:read")))
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								    )
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .get().uri("/endpoint").exchange();
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Kotlin::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,kotlin,role="secondary"]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .mutateWith(mockOAuth2Client("my-app")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								        .accessToken(OAuth2AccessToken(BEARER, "token", null, null, setOf("message:read")))
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								)
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								.get().uri("/endpoint").exchange()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[[webflux-testing-oauth2-client-registration]]
							 
						 
					
						
							
								
									
										
										
										
											2021-10-29 10:09:04 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								=== Additional Configurations
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								You can also use additional methods to further configure the authentication depending on what data your controller expects:
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								* `principalName(String)`; Configures the resource owner name
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								* `clientRegistration(Consumer<ClientRegistration.Builder>)`: Configures the associated `ClientRegistration`
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								* `clientRegistration(ClientRegistration)`: Configures the complete `ClientRegistration`
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								That last one is handy if you want to use a real `ClientRegistration`
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								For example, suppose that you want to use one of your application's `ClientRegistration` definitions, as specified in your `application.yml`.
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								In that case, your test can autowire the `ReactiveClientRegistrationRepository` and look up the one your test needs:
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[tabs]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Java::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,java,role="primary"]
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								@Autowired
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								ReactiveClientRegistrationRepository clientRegistrationRepository;
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								// ...
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .mutateWith(mockOAuth2Client()
							 
						 
					
						
							
								
									
										
										
										
											2021-06-18 13:12:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								        .clientRegistration(this.clientRegistrationRepository.findByRegistrationId("facebook").block())
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								    )
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .get().uri("/exchange").exchange();
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Kotlin::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,kotlin,role="secondary"]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								@Autowired
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								lateinit var clientRegistrationRepository: ReactiveClientRegistrationRepository
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								// ...
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .mutateWith(mockOAuth2Client()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								        .clientRegistration(this.clientRegistrationRepository.findByRegistrationId("facebook").block())
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    )
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .get().uri("/exchange").exchange()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[[webflux-testing-jwt]]
							 
						 
					
						
							
								
									
										
										
										
											2021-10-29 10:09:04 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								== Testing JWT Authentication
							 
						 
					
						
							
								
									
										
										
										
											2019-09-17 18:06:50 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								To make an authorized request on a resource server, you need a bearer token.
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								If your resource server is configured for JWTs, the bearer token needs to be signed and then encoded according to the JWT specification.
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								All of this can be quite daunting, especially when this is not the focus of your test.
							 
						 
					
						
							
								
									
										
										
										
											2019-09-17 18:06:50 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Fortunately, there are a number of simple ways in which you can overcome this difficulty and let your tests focus on authorization and not on representing bearer tokens.
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								We look at two of them in the next two subsections.
							 
						 
					
						
							
								
									
										
										
										
											2019-09-17 18:06:50 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-10-29 10:09:04 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								=== `mockJwt() WebTestClientConfigurer`
							 
						 
					
						
							
								
									
										
										
										
											2019-09-17 18:06:50 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								The first way is with a `WebTestClientConfigurer`.
							 
						 
					
						
							
								
									
										
										
										
											2021-09-13 11:42:45 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								The simplest of these would be to use the `SecurityMockServerConfigurers#mockJwt` method like the following:
							 
						 
					
						
							
								
									
										
										
										
											2019-09-17 18:06:50 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[tabs]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Java::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,java,role="primary"]
							 
						 
					
						
							
								
									
										
										
										
											2019-09-17 18:06:50 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .mutateWith(mockJwt()).get().uri("/endpoint").exchange();
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Kotlin::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,kotlin,role="secondary"]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .mutateWith(mockJwt()).get().uri("/endpoint").exchange()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								This example creates a mock `Jwt` and passes it through any authentication APIs so that it is available for your authorization mechanisms to verify.
							 
						 
					
						
							
								
									
										
										
										
											2019-09-17 18:06:50 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								By default, the `JWT` that it creates has the following characteristics:
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								[source,json]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								{
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								  "headers" : { "alg" : "none" },
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								  "claims" : {
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    "sub" : "user",
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    "scope" : "read"
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								  }
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								}
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								The resulting `Jwt`, were it tested, would pass in the following way:
							 
						 
					
						
							
								
									
										
										
										
											2019-09-17 18:06:50 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[tabs]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Java::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,java,role="primary"]
							 
						 
					
						
							
								
									
										
										
										
											2019-09-17 18:06:50 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								assertThat(jwt.getTokenValue()).isEqualTo("token");
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								assertThat(jwt.getHeaders().get("alg")).isEqualTo("none");
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								assertThat(jwt.getSubject()).isEqualTo("sub");
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Kotlin::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,kotlin,role="secondary"]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								assertThat(jwt.tokenValue).isEqualTo("token")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								assertThat(jwt.headers["alg"]).isEqualTo("none")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								assertThat(jwt.subject).isEqualTo("sub")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Note that you configure these values.
							 
						 
					
						
							
								
									
										
										
										
											2019-09-17 18:06:50 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								You can also configure any headers or claims with their corresponding methods:
							 
						 
					
						
							
								
									
										
										
										
											2019-09-17 18:06:50 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[tabs]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Java::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,java,role="primary"]
							 
						 
					
						
							
								
									
										
										
										
											2019-09-17 18:06:50 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
									
										
										
										
											2019-11-22 12:38:01 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
									.mutateWith(mockJwt().jwt(jwt -> jwt.header("kid", "one")
							 
						 
					
						
							
								
									
										
										
										
											2019-09-17 18:06:50 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
										.claim("iss", "https://idp.example.org")))
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
									.get().uri("/endpoint").exchange();
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Kotlin::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,kotlin,role="secondary"]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .mutateWith(mockJwt().jwt { jwt -> jwt.header("kid", "one")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								        .claim("iss", "https://idp.example.org")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    })
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .get().uri("/endpoint").exchange()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[tabs]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Java::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,java,role="primary"]
							 
						 
					
						
							
								
									
										
										
										
											2019-09-17 18:06:50 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
									
										
										
										
											2019-11-22 12:38:01 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
									.mutateWith(mockJwt().jwt(jwt -> jwt.claims(claims -> claims.remove("scope"))))
							 
						 
					
						
							
								
									
										
										
										
											2019-09-17 18:06:50 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
									.get().uri("/endpoint").exchange();
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Kotlin::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,kotlin,role="secondary"]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .mutateWith(mockJwt().jwt { jwt ->
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								        jwt.claims { claims -> claims.remove("scope") }
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    })
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .get().uri("/endpoint").exchange()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2019-09-17 18:06:50 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								The `scope` and `scp` claims are processed the same way here as they are in a normal bearer token request.
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								However, this can be overridden simply by providing the list of `GrantedAuthority` instances that you need for your test:
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[tabs]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Java::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,java,role="primary"]
							 
						 
					
						
							
								
									
										
										
										
											2019-09-17 18:06:50 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
									
										
										
										
											2021-06-18 13:12:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
									.mutateWith(mockJwt().authorities(new SimpleGrantedAuthority("SCOPE_messages")))
							 
						 
					
						
							
								
									
										
										
										
											2019-09-17 18:06:50 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
									.get().uri("/endpoint").exchange();
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Kotlin::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,kotlin,role="secondary"]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .mutateWith(mockJwt().authorities(SimpleGrantedAuthority("SCOPE_messages")))
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .get().uri("/endpoint").exchange()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Alternatively, if you have a custom `Jwt` to `Collection<GrantedAuthority>` converter, you can also use that to derive the authorities:
							 
						 
					
						
							
								
									
										
										
										
											2019-09-17 18:06:50 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[tabs]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Java::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,java,role="primary"]
							 
						 
					
						
							
								
									
										
										
										
											2019-09-17 18:06:50 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
									
										
										
										
											2021-06-18 13:12:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
									.mutateWith(mockJwt().authorities(new MyConverter()))
							 
						 
					
						
							
								
									
										
										
										
											2019-09-17 18:06:50 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
									.get().uri("/endpoint").exchange();
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Kotlin::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,kotlin,role="secondary"]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .mutateWith(mockJwt().authorities(MyConverter()))
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .get().uri("/endpoint").exchange()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								You can also specify a complete `Jwt`, for which `{security-api-url}org/springframework/security/oauth2/jwt/Jwt.Builder.html[Jwt.Builder]` is quite handy:
							 
						 
					
						
							
								
									
										
										
										
											2019-09-17 18:06:50 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[tabs]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Java::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,java,role="primary"]
							 
						 
					
						
							
								
									
										
										
										
											2019-09-17 18:06:50 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Jwt jwt = Jwt.withTokenValue("token")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .header("alg", "none")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .claim("sub", "user")
							 
						 
					
						
							
								
									
										
										
										
											2021-06-18 13:12:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								    .claim("scope", "read")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .build();
							 
						 
					
						
							
								
									
										
										
										
											2019-09-17 18:06:50 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
									
										
										
										
											2019-11-22 12:38:01 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
									.mutateWith(mockJwt().jwt(jwt))
							 
						 
					
						
							
								
									
										
										
										
											2019-09-17 18:06:50 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
									.get().uri("/endpoint").exchange();
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Kotlin::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,kotlin,role="secondary"]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								val jwt: Jwt = Jwt.withTokenValue("token")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .header("alg", "none")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .claim("sub", "user")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .claim("scope", "read")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .build()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .mutateWith(mockJwt().jwt(jwt))
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .get().uri("/endpoint").exchange()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-12-13 16:57:36 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								=== `authentication()` and `WebTestClientConfigurer`
							 
						 
					
						
							
								
									
										
										
										
											2019-09-17 18:06:50 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								The second way is by using the `authentication()` `Mutator`.
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								You can instantiate your own `JwtAuthenticationToken` and provide it in your test:
							 
						 
					
						
							
								
									
										
										
										
											2019-09-17 18:06:50 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[tabs]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Java::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,java,role="primary"]
							 
						 
					
						
							
								
									
										
										
										
											2019-09-17 18:06:50 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Jwt jwt = Jwt.withTokenValue("token")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .header("alg", "none")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .claim("sub", "user")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .build();
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Collection<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("SCOPE_read");
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								JwtAuthenticationToken token = new JwtAuthenticationToken(jwt, authorities);
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
									
										
										
										
											2021-06-18 13:12:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
									.mutateWith(mockAuthentication(token))
							 
						 
					
						
							
								
									
										
										
										
											2019-09-17 18:06:50 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
									.get().uri("/endpoint").exchange();
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Kotlin::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,kotlin,role="secondary"]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								val jwt = Jwt.withTokenValue("token")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .header("alg", "none")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .claim("sub", "user")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .build()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								val authorities: Collection<GrantedAuthority> = AuthorityUtils.createAuthorityList("SCOPE_read")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								val token = JwtAuthenticationToken(jwt, authorities)
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .mutateWith(mockAuthentication<JwtMutator>(token))
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .get().uri("/endpoint").exchange()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Note that, as an alternative to these, you can also mock the `ReactiveJwtDecoder` bean itself with a `@MockBean` annotation.
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								[[webflux-testing-opaque-token]]
							 
						 
					
						
							
								
									
										
										
										
											2021-10-29 10:09:04 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								== Testing Opaque Token Authentication
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Similar to <<webflux-testing-jwt,JWTs>>, opaque tokens require an authorization server in order to verify their validity, which can make testing more difficult.
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								To help with that, Spring Security has test support for opaque tokens.
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Suppose you have a controller that retrieves the authentication as a `BearerTokenAuthentication`:
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[tabs]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Java::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,java,role="primary"]
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								@GetMapping("/endpoint")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								public Mono<String> foo(BearerTokenAuthentication authentication) {
							 
						 
					
						
							
								
									
										
										
										
											2021-06-18 13:12:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								    return Mono.just((String) authentication.getTokenAttributes().get("sub"));
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								}
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Kotlin::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,kotlin,role="secondary"]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								@GetMapping("/endpoint")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								fun foo(authentication: BearerTokenAuthentication): Mono<String?> {
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    return Mono.just(authentication.tokenAttributes["sub"] as String?)
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								}
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								In that case, you can tell Spring Security to include a default `BearerTokenAuthentication` by using the `SecurityMockServerConfigurers#opaqueToken` method:
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[tabs]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Java::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,java,role="primary"]
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .mutateWith(mockOpaqueToken())
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .get().uri("/endpoint").exchange();
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Kotlin::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,kotlin,role="secondary"]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .mutateWith(mockOpaqueToken())
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .get().uri("/endpoint").exchange()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								This example configures the associated `MockHttpServletRequest` with a `BearerTokenAuthentication` that includes a simple `OAuth2AuthenticatedPrincipal`, a `Map` of attributes, and a `Collection` of granted authorities.
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Specifically, it includes a `Map` with a key/value pair of `sub`/`user`:
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[tabs]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Java::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,java,role="primary"]
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								assertThat((String) token.getTokenAttributes().get("sub")).isEqualTo("user");
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Kotlin::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,kotlin,role="secondary"]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								assertThat(token.tokenAttributes["sub"] as String?).isEqualTo("user")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								It also includes a `Collection` of authorities with just one authority, `SCOPE_read`:
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[tabs]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Java::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,java,role="primary"]
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								assertThat(token.getAuthorities()).hasSize(1);
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								assertThat(token.getAuthorities()).containsExactly(new SimpleGrantedAuthority("SCOPE_read"));
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Kotlin::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,kotlin,role="secondary"]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								assertThat(token.authorities).hasSize(1)
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								assertThat(token.authorities).containsExactly(SimpleGrantedAuthority("SCOPE_read"))
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Spring Security does the necessary work to make sure that the `BearerTokenAuthentication` instance is available for your controller methods.
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								[[webflux-testing-opaque-token-authorities]]
							 
						 
					
						
							
								
									
										
										
										
											2021-10-29 10:09:04 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								=== Configuring Authorities
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								In many circumstances, your method is protected by filter or method security and needs your `Authentication` to have certain granted authorities to allow the request.
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								In this case, you can supply what granted authorities you need using the `authorities()` method:
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[tabs]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Java::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,java,role="primary"]
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .mutateWith(mockOpaqueToken()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								        .authorities(new SimpleGrantedAuthority("SCOPE_message:read"))
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    )
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .get().uri("/endpoint").exchange();
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Kotlin::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,kotlin,role="secondary"]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .mutateWith(mockOpaqueToken()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								        .authorities(SimpleGrantedAuthority("SCOPE_message:read"))
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    )
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .get().uri("/endpoint").exchange()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[[webflux-testing-opaque-token-attributes]]
							 
						 
					
						
							
								
									
										
										
										
											2021-10-29 10:09:04 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								=== Configuring Claims
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								While granted authorities are quite common across all of Spring Security, we also have attributes in the case of OAuth 2.0.
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Suppose, for example, that you have a `user_id` attribute that indicates the user's ID in your system.
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								You might access it as follows in a controller:
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[tabs]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Java::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,java,role="primary"]
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								@GetMapping("/endpoint")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								public Mono<String> foo(BearerTokenAuthentication authentication) {
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    String userId = (String) authentication.getTokenAttributes().get("user_id");
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    // ...
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								}
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Kotlin::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,kotlin,role="secondary"]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								@GetMapping("/endpoint")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								fun foo(authentication: BearerTokenAuthentication): Mono<String?> {
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    val userId = authentication.tokenAttributes["user_id"] as String?
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    // ...
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								}
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								In that case, you can specify that attribute with the `attributes()` method:
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[tabs]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Java::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,java,role="primary"]
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .mutateWith(mockOpaqueToken()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								        .attributes(attrs -> attrs.put("user_id", "1234"))
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    )
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .get().uri("/endpoint").exchange();
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Kotlin::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,kotlin,role="secondary"]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .mutateWith(mockOpaqueToken()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								        .attributes { attrs -> attrs["user_id"] = "1234" }
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    )
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .get().uri("/endpoint").exchange()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[[webflux-testing-opaque-token-principal]]
							 
						 
					
						
							
								
									
										
										
										
											2021-10-29 10:09:04 -06:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								=== Additional Configurations
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								You can also use additional methods to further configure the authentication, depending on what data your controller expects.
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								One such method is `principal(OAuth2AuthenticatedPrincipal)`, which you can use to configure the complete `OAuth2AuthenticatedPrincipal` instance that underlies the `BearerTokenAuthentication`.
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								It is handy if you:
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								* Have your own implementation of `OAuth2AuthenticatedPrincipal` or
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								* Want to specify a different principal name
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								For example, suppose that your authorization server sends the principal name in the `user_name` attribute instead of the `sub` attribute.
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								In that case, you can configure an `OAuth2AuthenticatedPrincipal` by hand:
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[tabs]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Java::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,java,role="primary"]
							 
						 
					
						
							
								
									
										
										
										
											2020-03-04 19:55:26 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Map<String, Object> attributes = Collections.singletonMap("user_name", "foo_user");
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								OAuth2AuthenticatedPrincipal principal = new DefaultOAuth2AuthenticatedPrincipal(
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								        (String) attributes.get("user_name"),
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								        attributes,
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								        AuthorityUtils.createAuthorityList("SCOPE_message:read"));
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .mutateWith(mockOpaqueToken().principal(principal))
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .get().uri("/endpoint").exchange();
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Kotlin::
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								+
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[source,kotlin,role="secondary"]
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								val attributes: Map<String, Any> = mapOf(Pair("user_name", "foo_user"))
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								val principal: OAuth2AuthenticatedPrincipal = DefaultOAuth2AuthenticatedPrincipal(
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    attributes["user_name"] as String?,
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    attributes,
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    AuthorityUtils.createAuthorityList("SCOPE_message:read")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								)
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								client
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .mutateWith(mockOpaqueToken().principal(principal))
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    .get().uri("/endpoint").exchange()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								----
							 
						 
					
						
							
								
									
										
										
										
											2023-06-18 21:30:41 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								======
							 
						 
					
						
							
								
									
										
										
										
											2021-06-24 11:49:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-04-21 16:01:26 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Note that, as an alternative to using `mockOpaqueToken()` test support, you can also mock the `OpaqueTokenIntrospector` bean itself with a `@MockBean` annotation.