Deprecate ClientRegistration.redirectUriTemplate
Closes gh-8906
parent
a0c10f2df6
commit
0ed919f072
@ -2129,7 +2129,7 @@ public final class HttpSecurity extends
|
||||
* .clientSecret("google-client-secret")
|
||||
* .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
|
||||
* .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||
* .redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}")
|
||||
* .redirectUri("{baseUrl}/login/oauth2/code/{registrationId}")
|
||||
* .scope("openid", "profile", "email", "address", "phone")
|
||||
* .authorizationUri("https://accounts.google.com/o/oauth2/v2/auth")
|
||||
* .tokenUri("https://www.googleapis.com/oauth2/v4/token")
|
||||
@ -2223,7 +2223,7 @@ public final class HttpSecurity extends
|
||||
* .clientSecret("google-client-secret")
|
||||
* .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
|
||||
* .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||
* .redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}")
|
||||
* .redirectUri("{baseUrl}/login/oauth2/code/{registrationId}")
|
||||
* .scope("openid", "profile", "email", "address", "phone")
|
||||
* .authorizationUri("https://accounts.google.com/o/oauth2/v2/auth")
|
||||
* .tokenUri("https://www.googleapis.com/oauth2/v4/token")
|
||||
|
@ -114,7 +114,7 @@ public final class ClientRegistrationsBeanDefinitionParser implements BeanDefini
|
||||
.map(AuthorizationGrantType::new)
|
||||
.ifPresent(builder::authorizationGrantType);
|
||||
getOptionalIfNotEmpty(clientRegistrationElt.getAttribute(ATT_REDIRECT_URI))
|
||||
.ifPresent(builder::redirectUriTemplate);
|
||||
.ifPresent(builder::redirectUri);
|
||||
getOptionalIfNotEmpty(clientRegistrationElt.getAttribute(ATT_SCOPE))
|
||||
.map(StringUtils::commaDelimitedListToSet)
|
||||
.ifPresent(builder::scope);
|
||||
|
@ -101,7 +101,7 @@ public enum CommonOAuth2Provider {
|
||||
ClientRegistration.Builder builder = ClientRegistration.withRegistrationId(registrationId);
|
||||
builder.clientAuthenticationMethod(method);
|
||||
builder.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE);
|
||||
builder.redirectUriTemplate(redirectUri);
|
||||
builder.redirectUri(redirectUri);
|
||||
return builder;
|
||||
}
|
||||
|
||||
|
@ -106,7 +106,7 @@ public class OAuth2ClientConfigurerTests {
|
||||
.clientSecret("secret")
|
||||
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
|
||||
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||
.redirectUriTemplate("{baseUrl}/client-1")
|
||||
.redirectUri("{baseUrl}/client-1")
|
||||
.scope("user")
|
||||
.authorizationUri("https://provider.com/oauth2/authorize")
|
||||
.tokenUri("https://provider.com/oauth2/token")
|
||||
|
@ -114,7 +114,7 @@ public class OAuth2ClientBeanDefinitionParserTests {
|
||||
ClientRegistration clientRegistration = CommonOAuth2Provider.GOOGLE.getBuilder("google")
|
||||
.clientId("google-client-id")
|
||||
.clientSecret("google-client-secret")
|
||||
.redirectUriTemplate("http://localhost/callback/google")
|
||||
.redirectUri("http://localhost/callback/google")
|
||||
.scope("scope1", "scope2")
|
||||
.build();
|
||||
when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(clientRegistration);
|
||||
@ -238,7 +238,7 @@ public class OAuth2ClientBeanDefinitionParserTests {
|
||||
return OAuth2AuthorizationRequest.authorizationCode()
|
||||
.authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri())
|
||||
.clientId(clientRegistration.getClientId())
|
||||
.redirectUri(clientRegistration.getRedirectUriTemplate())
|
||||
.redirectUri(clientRegistration.getRedirectUri())
|
||||
.scopes(clientRegistration.getScopes())
|
||||
.state("state")
|
||||
.attributes(attributes)
|
||||
|
@ -151,7 +151,7 @@ public class ClientRegistrationsBeanDefinitionParserTests {
|
||||
assertThat(googleRegistration.getClientSecret()).isEqualTo("google-client-secret");
|
||||
assertThat(googleRegistration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
|
||||
assertThat(googleRegistration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
|
||||
assertThat(googleRegistration.getRedirectUriTemplate()).isEqualTo("{baseUrl}/{action}/oauth2/code/{registrationId}");
|
||||
assertThat(googleRegistration.getRedirectUri()).isEqualTo("{baseUrl}/{action}/oauth2/code/{registrationId}");
|
||||
assertThat(googleRegistration.getScopes()).isEqualTo(StringUtils.commaDelimitedListToSet("openid,profile,email"));
|
||||
assertThat(googleRegistration.getClientName()).isEqualTo(serverUrl);
|
||||
|
||||
@ -181,7 +181,7 @@ public class ClientRegistrationsBeanDefinitionParserTests {
|
||||
assertThat(googleRegistration.getClientSecret()).isEqualTo("google-client-secret");
|
||||
assertThat(googleRegistration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
|
||||
assertThat(googleRegistration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
|
||||
assertThat(googleRegistration.getRedirectUriTemplate()).isEqualTo("{baseUrl}/login/oauth2/code/{registrationId}");
|
||||
assertThat(googleRegistration.getRedirectUri()).isEqualTo("{baseUrl}/login/oauth2/code/{registrationId}");
|
||||
assertThat(googleRegistration.getScopes()).isEqualTo(StringUtils.commaDelimitedListToSet("openid,profile,email"));
|
||||
assertThat(googleRegistration.getClientName()).isEqualTo("Google");
|
||||
|
||||
@ -205,7 +205,7 @@ public class ClientRegistrationsBeanDefinitionParserTests {
|
||||
assertThat(githubRegistration.getClientSecret()).isEqualTo("github-client-secret");
|
||||
assertThat(githubRegistration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
|
||||
assertThat(githubRegistration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
|
||||
assertThat(githubRegistration.getRedirectUriTemplate()).isEqualTo("{baseUrl}/login/oauth2/code/{registrationId}");
|
||||
assertThat(githubRegistration.getRedirectUri()).isEqualTo("{baseUrl}/login/oauth2/code/{registrationId}");
|
||||
assertThat(googleRegistration.getScopes()).isEqualTo(StringUtils.commaDelimitedListToSet("openid,profile,email"));
|
||||
assertThat(githubRegistration.getClientName()).isEqualTo("Github");
|
||||
|
||||
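Review bot: In the GitHub block (the hunk at -205) the scopes assertion is still made on `googleRegistration.getScopes()`, so the GitHub registration's scopes are never checked, while every neighbouring line, including the one this commit updates, asserts on `githubRegistration`. This looks like a copy-paste slip that predates the commit. The subject should be `githubRegistration.getScopes()`, with the expected set taken from the GitHub fixture, which is not visible here. The test methods start and end outside these hunks.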
|
@ -53,7 +53,7 @@ public class CommonOAuth2ProviderTests {
|
||||
.isEqualTo(ClientAuthenticationMethod.BASIC);
|
||||
assertThat(registration.getAuthorizationGrantType())
|
||||
.isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
|
||||
assertThat(registration.getRedirectUriTemplate()).isEqualTo(DEFAULT_REDIRECT_URL);
|
||||
assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_REDIRECT_URL);
|
||||
assertThat(registration.getScopes()).containsOnly("openid", "profile", "email");
|
||||
assertThat(registration.getClientName()).isEqualTo("Google");
|
||||
assertThat(registration.getRegistrationId()).isEqualTo("123");
|
||||
@ -76,7 +76,7 @@ public class CommonOAuth2ProviderTests {
|
||||
.isEqualTo(ClientAuthenticationMethod.BASIC);
|
||||
assertThat(registration.getAuthorizationGrantType())
|
||||
.isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
|
||||
assertThat(registration.getRedirectUriTemplate()).isEqualTo(DEFAULT_REDIRECT_URL);
|
||||
assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_REDIRECT_URL);
|
||||
assertThat(registration.getScopes()).containsOnly("read:user");
|
||||
assertThat(registration.getClientName()).isEqualTo("GitHub");
|
||||
assertThat(registration.getRegistrationId()).isEqualTo("123");
|
||||
@ -99,7 +99,7 @@ public class CommonOAuth2ProviderTests {
|
||||
.isEqualTo(ClientAuthenticationMethod.POST);
|
||||
assertThat(registration.getAuthorizationGrantType())
|
||||
.isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
|
||||
assertThat(registration.getRedirectUriTemplate()).isEqualTo(DEFAULT_REDIRECT_URL);
|
||||
assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_REDIRECT_URL);
|
||||
assertThat(registration.getScopes()).containsOnly("public_profile", "email");
|
||||
assertThat(registration.getClientName()).isEqualTo("Facebook");
|
||||
assertThat(registration.getRegistrationId()).isEqualTo("123");
|
||||
@ -124,7 +124,7 @@ public class CommonOAuth2ProviderTests {
|
||||
.isEqualTo(ClientAuthenticationMethod.BASIC);
|
||||
assertThat(registration.getAuthorizationGrantType())
|
||||
.isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
|
||||
assertThat(registration.getRedirectUriTemplate()).isEqualTo(DEFAULT_REDIRECT_URL);
|
||||
assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_REDIRECT_URL);
|
||||
assertThat(registration.getScopes()).containsOnly("openid", "profile", "email");
|
||||
assertThat(registration.getClientName()).isEqualTo("Okta");
|
||||
assertThat(registration.getRegistrationId()).isEqualTo("123");
|
||||
|
@ -156,7 +156,7 @@ public final class ClientRegistration {
|
||||
private String clientSecret; <3>
|
||||
private ClientAuthenticationMethod clientAuthenticationMethod; <4>
|
||||
private AuthorizationGrantType authorizationGrantType; <5>
|
||||
private String redirectUriTemplate; <6>
|
||||
private String redirectUri; <6>
|
||||
private Set<String> scopes; <7>
|
||||
private ProviderDetails providerDetails;
|
||||
private String clientName; <8>
|
||||
@ -185,7 +185,7 @@ public final class ClientRegistration {
|
||||
The supported values are *basic*, *post* and *none* https://tools.ietf.org/html/rfc6749#section-2.1[(public clients)].
|
||||
<5> `authorizationGrantType`: The OAuth 2.0 Authorization Framework defines four https://tools.ietf.org/html/rfc6749#section-1.3[Authorization Grant] types.
|
||||
The supported values are `authorization_code`, `client_credentials` and `password`.
|
||||
<6> `redirectUriTemplate`: The client's registered redirect URI that the _Authorization Server_ redirects the end-user's user-agent
|
||||
<6> `redirectUri`: The client's registered redirect URI that the _Authorization Server_ redirects the end-user's user-agent
|
||||
to after the end-user has authenticated and authorized access to the client.
|
||||
<7> `scopes`: The scope(s) requested by the client during the Authorization Request flow, such as openid, email, or profile.
|
||||
<8> `clientName`: A descriptive name used for the client.
|
||||
|
@ -114,7 +114,7 @@ The following table outlines the mapping of the Spring Boot 2.x OAuth Client pro
|
||||
|`authorizationGrantType`
|
||||
|
||||
|`spring.security.oauth2.client.registration._[registrationId]_.redirect-uri`
|
||||
|`redirectUriTemplate`
|
||||
|`redirectUri`
|
||||
|
||||
|`spring.security.oauth2.client.registration._[registrationId]_.scope`
|
||||
|`scopes`
|
||||
@ -266,7 +266,7 @@ public class OAuth2LoginConfig {
|
||||
.clientSecret("google-client-secret")
|
||||
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
|
||||
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||
.redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}")
|
||||
.redirectUri("{baseUrl}/login/oauth2/code/{registrationId}")
|
||||
.scope("openid", "profile", "email", "address", "phone")
|
||||
.authorizationUri("https://accounts.google.com/o/oauth2/v2/auth")
|
||||
.tokenUri("https://www.googleapis.com/oauth2/v4/token")
|
||||
@ -360,7 +360,7 @@ public class OAuth2LoginConfig {
|
||||
.clientSecret("google-client-secret")
|
||||
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
|
||||
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||
.redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}")
|
||||
.redirectUri("{baseUrl}/login/oauth2/code/{registrationId}")
|
||||
.scope("openid", "profile", "email", "address", "phone")
|
||||
.authorizationUri("https://accounts.google.com/o/oauth2/v2/auth")
|
||||
.tokenUri("https://www.googleapis.com/oauth2/v4/token")
|
||||
@ -403,7 +403,7 @@ class OAuth2LoginConfig {
|
||||
.clientSecret("google-client-secret")
|
||||
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
|
||||
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||
.redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}")
|
||||
.redirectUri("{baseUrl}/login/oauth2/code/{registrationId}")
|
||||
.scope("openid", "profile", "email", "address", "phone")
|
||||
.authorizationUri("https://accounts.google.com/o/oauth2/v2/auth")
|
||||
.tokenUri("https://www.googleapis.com/oauth2/v4/token")
|
||||
@ -854,7 +854,7 @@ class OAuth2LoginSecurityConfig : WebSecurityConfigurerAdapter() {
|
||||
|
||||
[IMPORTANT]
|
||||
====
|
||||
You also need to ensure the `ClientRegistration.redirectUriTemplate` matches the custom Authorization Response `baseUri`.
|
||||
You also need to ensure the `ClientRegistration.redirectUri` matches the custom Authorization Response `baseUri`.
|
||||
|
||||
The following listing shows an example:
|
||||
|
||||
@ -863,7 +863,7 @@ The following listing shows an example:
|
||||
return CommonOAuth2Provider.GOOGLE.getBuilder("google")
|
||||
.clientId("google-client-id")
|
||||
.clientSecret("google-client-secret")
|
||||
.redirectUriTemplate("{baseUrl}/login/oauth2/callback/{registrationId}")
|
||||
.redirectUri("{baseUrl}/login/oauth2/callback/{registrationId}")
|
||||
.build();
|
||||
----
|
||||
====
|
||||
|
@ -67,7 +67,7 @@ final class ClientRegistrationDeserializer extends JsonDeserializer<ClientRegist
|
||||
.authorizationGrantType(
|
||||
AUTHORIZATION_GRANT_TYPE_CONVERTER.convert(
|
||||
findObjectNode(clientRegistrationNode, "authorizationGrantType")))
|
||||
.redirectUriTemplate(findStringValue(clientRegistrationNode, "redirectUriTemplate"))
|
||||
.redirectUri(findStringValue(clientRegistrationNode, "redirectUri"))
|
||||
.scope(findValue(clientRegistrationNode, "scopes", SET_TYPE_REFERENCE, mapper))
|
||||
.clientName(findStringValue(clientRegistrationNode, "clientName"))
|
||||
.authorizationUri(findStringValue(providerDetailsNode, "authorizationUri"))
|
||||
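Review bot: Reading only the `"redirectUri"` property means JSON written by an earlier version, which stored the value under `"redirectUriTemplate"`, no longer supplies a redirect URI when it is deserialized. If `findStringValue` returns null for a missing field (its body is not visible here), the builder's `redirectUri cannot be empty` assertion would then reject previously stored authorization-code registrations after an upgrade. Consider reading `"redirectUri"` first and, when it is absent, falling back to `findStringValue(clientRegistrationNode, "redirectUriTemplate")`. A test that deserializes a payload carrying only the legacy property would pin that behaviour. The enclosing deserialize method starts and ends outside this hunk.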
|
@ -49,7 +49,7 @@ public final class ClientRegistration implements Serializable {
|
||||
private String clientSecret;
|
||||
private ClientAuthenticationMethod clientAuthenticationMethod;
|
||||
private AuthorizationGrantType authorizationGrantType;
|
||||
private String redirectUriTemplate;
|
||||
private String redirectUri;
|
||||
private Set<String> scopes = Collections.emptySet();
|
||||
private ProviderDetails providerDetails = new ProviderDetails();
|
||||
private String clientName;
|
||||
@ -106,10 +106,32 @@ public final class ClientRegistration implements Serializable {
|
||||
/**
|
||||
* Returns the uri (or uri template) for the redirection endpoint.
|
||||
*
|
||||
* @return the uri for the redirection endpoint
|
||||
* @deprecated Use {@link #getRedirectUri()} instead
|
||||
* @return the uri (or uri template) for the redirection endpoint
|
||||
*/
|
||||
@Deprecated
|
||||
public String getRedirectUriTemplate() {
|
||||
return this.redirectUriTemplate;
|
||||
return getRedirectUri();
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the uri (or uri template) for the redirection endpoint.
|
||||
*
|
||||
* <br />
|
||||
* The supported uri template variables are: {baseScheme}, {baseHost}, {basePort}, {basePath} and {registrationId}.
|
||||
*
|
||||
* <br />
|
||||
* <b>NOTE:</b> {baseUrl} is also supported, which is the same as {baseScheme}://{baseHost}{basePort}{basePath}.
|
||||
*
|
||||
* <br />
|
||||
* Configuring uri template variables is especially useful when the client is running behind a Proxy Server.
|
||||
* This ensures that the X-Forwarded-* headers are used when expanding the redirect-uri.
|
||||
*
|
||||
* @since 5.4
|
||||
* @return the uri (or uri template) for the redirection endpoint
|
||||
*/
|
||||
public String getRedirectUri() {
|
||||
return this.redirectUri;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -147,7 +169,7 @@ public final class ClientRegistration implements Serializable {
|
||||
+ ", clientSecret='" + this.clientSecret + '\''
|
||||
+ ", clientAuthenticationMethod=" + this.clientAuthenticationMethod
|
||||
+ ", authorizationGrantType=" + this.authorizationGrantType
|
||||
+ ", redirectUriTemplate='" + this.redirectUriTemplate + '\''
|
||||
+ ", redirectUri='" + this.redirectUri + '\''
|
||||
+ ", scopes=" + this.scopes
|
||||
+ ", providerDetails=" + this.providerDetails
|
||||
+ ", clientName='" + this.clientName
|
||||
@ -300,7 +322,7 @@ public final class ClientRegistration implements Serializable {
|
||||
private String clientSecret;
|
||||
private ClientAuthenticationMethod clientAuthenticationMethod;
|
||||
private AuthorizationGrantType authorizationGrantType;
|
||||
private String redirectUriTemplate;
|
||||
private String redirectUri;
|
||||
private Set<String> scopes;
|
||||
private String authorizationUri;
|
||||
private String tokenUri;
|
||||
@ -322,7 +344,7 @@ public final class ClientRegistration implements Serializable {
|
||||
this.clientSecret = clientRegistration.clientSecret;
|
||||
this.clientAuthenticationMethod = clientRegistration.clientAuthenticationMethod;
|
||||
this.authorizationGrantType = clientRegistration.authorizationGrantType;
|
||||
this.redirectUriTemplate = clientRegistration.redirectUriTemplate;
|
||||
this.redirectUri = clientRegistration.redirectUri;
|
||||
this.scopes = clientRegistration.scopes == null ? null : new HashSet<>(clientRegistration.scopes);
|
||||
this.authorizationUri = clientRegistration.providerDetails.authorizationUri;
|
||||
this.tokenUri = clientRegistration.providerDetails.tokenUri;
|
||||
@ -397,11 +419,34 @@ public final class ClientRegistration implements Serializable {
|
||||
/**
|
||||
* Sets the uri (or uri template) for the redirection endpoint.
|
||||
*
|
||||
* @param redirectUriTemplate the uri for the redirection endpoint
|
||||
* @deprecated Use {@link #redirectUri(String)} instead
|
||||
* @param redirectUriTemplate the uri (or uri template) for the redirection endpoint
|
||||
* @return the {@link Builder}
|
||||
*/
|
||||
@Deprecated
|
||||
public Builder redirectUriTemplate(String redirectUriTemplate) {
|
||||
this.redirectUriTemplate = redirectUriTemplate;
|
||||
return redirectUri(redirectUriTemplate);
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the uri (or uri template) for the redirection endpoint.
|
||||
*
|
||||
* <br />
|
||||
* The supported uri template variables are: {baseScheme}, {baseHost}, {basePort}, {basePath} and {registrationId}.
|
||||
*
|
||||
* <br />
|
||||
* <b>NOTE:</b> {baseUrl} is also supported, which is the same as {baseScheme}://{baseHost}{basePort}{basePath}.
|
||||
*
|
||||
* <br />
|
||||
* Configuring uri template variables is especially useful when the client is running behind a Proxy Server.
|
||||
* This ensures that the X-Forwarded-* headers are used when expanding the redirect-uri.
|
||||
*
|
||||
* @since 5.4
|
||||
* @param redirectUri the uri (or uri template) for the redirection endpoint
|
||||
* @return the {@link Builder}
|
||||
*/
|
||||
public Builder redirectUri(String redirectUri) {
|
||||
this.redirectUri = redirectUri;
|
||||
return this;
|
||||
}
|
||||
|
||||
@ -575,7 +620,7 @@ public final class ClientRegistration implements Serializable {
|
||||
}
|
||||
}
|
||||
clientRegistration.authorizationGrantType = this.authorizationGrantType;
|
||||
clientRegistration.redirectUriTemplate = this.redirectUriTemplate;
|
||||
clientRegistration.redirectUri = this.redirectUri;
|
||||
clientRegistration.scopes = this.scopes;
|
||||
|
||||
ProviderDetails providerDetails = clientRegistration.new ProviderDetails();
|
||||
@ -600,7 +645,7 @@ public final class ClientRegistration implements Serializable {
|
||||
() -> "authorizationGrantType must be " + AuthorizationGrantType.AUTHORIZATION_CODE.getValue());
|
||||
Assert.hasText(this.registrationId, "registrationId cannot be empty");
|
||||
Assert.hasText(this.clientId, "clientId cannot be empty");
|
||||
Assert.hasText(this.redirectUriTemplate, "redirectUriTemplate cannot be empty");
|
||||
Assert.hasText(this.redirectUri, "redirectUri cannot be empty");
|
||||
Assert.hasText(this.authorizationUri, "authorizationUri cannot be empty");
|
||||
Assert.hasText(this.tokenUri, "tokenUri cannot be empty");
|
||||
}
|
||||
@ -610,7 +655,7 @@ public final class ClientRegistration implements Serializable {
|
||||
() -> "authorizationGrantType must be " + AuthorizationGrantType.IMPLICIT.getValue());
|
||||
Assert.hasText(this.registrationId, "registrationId cannot be empty");
|
||||
Assert.hasText(this.clientId, "clientId cannot be empty");
|
||||
Assert.hasText(this.redirectUriTemplate, "redirectUriTemplate cannot be empty");
|
||||
Assert.hasText(this.redirectUri, "redirectUri cannot be empty");
|
||||
Assert.hasText(this.authorizationUri, "authorizationUri cannot be empty");
|
||||
}
|
||||
|
||||
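Review bot: The new Javadoc on `getRedirectUri()` and `Builder.redirectUri(String)` states that the X-Forwarded-* headers are used when expanding the redirect-uri, but it does not say that those headers arrive with the request and are only trustworthy when a proxy under the deployer's control sets or overwrites them. Because `{baseScheme}`, `{baseHost}`, `{basePort}` and `{basePath}` are expanded into the value used as the OAuth 2.0 redirect URI, I would add a sentence to both Javadoc blocks such as `Only rely on X-Forwarded-* headers when a trusted proxy overwrites any client-supplied values.` Separately, the field is renamed in a class that `implements Serializable`, so it is worth confirming how instances serialized by an earlier version behave; that depends on the serialVersionUID handling, which is not visible in these hunks.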
|
@ -244,7 +244,7 @@ public final class ClientRegistrations {
|
||||
.scope(scopes)
|
||||
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||
.clientAuthenticationMethod(method)
|
||||
.redirectUriTemplate("{baseUrl}/{action}/oauth2/code/{registrationId}")
|
||||
.redirectUri("{baseUrl}/{action}/oauth2/code/{registrationId}")
|
||||
.authorizationUri(metadata.getAuthorizationEndpointURI().toASCIIString())
|
||||
.providerConfigurationMetadata(configurationMetadata)
|
||||
.tokenUri(metadata.getTokenEndpointURI().toASCIIString())
|
||||
|
@ -183,7 +183,7 @@ public final class DefaultOAuth2AuthorizationRequestResolver implements OAuth2Au
|
||||
}
|
||||
|
||||
/**
|
||||
* Expands the {@link ClientRegistration#getRedirectUriTemplate()} with following provided variables:<br/>
|
||||
* Expands the {@link ClientRegistration#getRedirectUri()} with following provided variables:<br/>
|
||||
* - baseUrl (e.g. https://localhost/app) <br/>
|
||||
* - baseScheme (e.g. https) <br/>
|
||||
* - baseHost (e.g. localhost) <br/>
|
||||
@ -194,7 +194,7 @@ public final class DefaultOAuth2AuthorizationRequestResolver implements OAuth2Au
|
||||
* <p/>
|
||||
* Null variables are provided as empty strings.
|
||||
* <p/>
|
||||
* Default redirectUriTemplate is: {@link org.springframework.security.config.oauth2.client}.CommonOAuth2Provider#DEFAULT_REDIRECT_URL
|
||||
* Default redirectUri is: {@code org.springframework.security.config.oauth2.client.CommonOAuth2Provider#DEFAULT_REDIRECT_URL}
|
||||
*
|
||||
* @return expanded URI
|
||||
*/
|
||||
@ -225,7 +225,7 @@ public final class DefaultOAuth2AuthorizationRequestResolver implements OAuth2Au
|
||||
|
||||
uriVariables.put("action", action == null ? "" : action);
|
||||
|
||||
return UriComponentsBuilder.fromUriString(clientRegistration.getRedirectUriTemplate())
|
||||
return UriComponentsBuilder.fromUriString(clientRegistration.getRedirectUri())
|
||||
.buildAndExpand(uriVariables)
|
||||
.toUriString();
|
||||
}
|
||||
|
@ -184,7 +184,7 @@ public class DefaultServerOAuth2AuthorizationRequestResolver
|
||||
}
|
||||
|
||||
/**
|
||||
* Expands the {@link ClientRegistration#getRedirectUriTemplate()} with following provided variables:<br/>
|
||||
* Expands the {@link ClientRegistration#getRedirectUri()} with following provided variables:<br/>
|
||||
* - baseUrl (e.g. https://localhost/app) <br/>
|
||||
* - baseScheme (e.g. https) <br/>
|
||||
* - baseHost (e.g. localhost) <br/>
|
||||
@ -195,7 +195,7 @@ public class DefaultServerOAuth2AuthorizationRequestResolver
|
||||
* <p/>
|
||||
* Null variables are provided as empty strings.
|
||||
* <p/>
|
||||
* Default redirectUriTemplate is: {@link org.springframework.security.config.oauth2.client}.CommonOAuth2Provider#DEFAULT_REDIRECT_URL
|
||||
* Default redirectUri is: {@code org.springframework.security.config.oauth2.client.CommonOAuth2Provider#DEFAULT_REDIRECT_URL}
|
||||
*
|
||||
* @return expanded URI
|
||||
*/
|
||||
@ -230,7 +230,7 @@ public class DefaultServerOAuth2AuthorizationRequestResolver
|
||||
}
|
||||
uriVariables.put("action", action);
|
||||
|
||||
return UriComponentsBuilder.fromUriString(clientRegistration.getRedirectUriTemplate())
|
||||
return UriComponentsBuilder.fromUriString(clientRegistration.getRedirectUri())
|
||||
.buildAndExpand(uriVariables)
|
||||
.toUriString();
|
||||
}
|
||||
|
@ -60,7 +60,7 @@ public class InMemoryReactiveOAuth2AuthorizedClientServiceTests {
|
||||
Instant.now().plus(Duration.ofDays(1)));
|
||||
|
||||
private ClientRegistration clientRegistration = ClientRegistration.withRegistrationId(this.clientRegistrationId)
|
||||
.redirectUriTemplate("{baseUrl}/{action}/oauth2/code/{registrationId}")
|
||||
.redirectUri("{baseUrl}/{action}/oauth2/code/{registrationId}")
|
||||
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
|
||||
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||
.scope("read:user")
|
||||
|
@ -215,11 +215,11 @@ public class OAuth2LoginReactiveAuthenticationManagerTests {
|
||||
.state("state")
|
||||
.clientId(clientRegistration.getClientId())
|
||||
.authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri())
|
||||
.redirectUri(clientRegistration.getRedirectUriTemplate())
|
||||
.redirectUri(clientRegistration.getRedirectUri())
|
||||
.scopes(clientRegistration.getScopes())
|
||||
.build();
|
||||
OAuth2AuthorizationResponse authorizationResponse = this.authorizationResponseBldr
|
||||
.redirectUri(clientRegistration.getRedirectUriTemplate())
|
||||
.redirectUri(clientRegistration.getRedirectUri())
|
||||
.build();
|
||||
OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
|
||||
authorizationResponse);
|
||||
|
@ -61,7 +61,7 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
|
||||
.clientSecret("secret")
|
||||
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
|
||||
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||
.redirectUriTemplate("https://client.com/callback/client-1")
|
||||
.redirectUri("https://client.com/callback/client-1")
|
||||
.scope("read", "write")
|
||||
.authorizationUri("https://provider.com/oauth2/authorize")
|
||||
.tokenUri(tokenUri)
|
||||
@ -295,13 +295,13 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
|
||||
.clientId(clientRegistration.getClientId())
|
||||
.state("state-1234")
|
||||
.authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri())
|
||||
.redirectUri(clientRegistration.getRedirectUriTemplate())
|
||||
.redirectUri(clientRegistration.getRedirectUri())
|
||||
.scopes(clientRegistration.getScopes())
|
||||
.build();
|
||||
OAuth2AuthorizationResponse authorizationResponse = OAuth2AuthorizationResponse
|
||||
.success("code-1234")
|
||||
.state("state-1234")
|
||||
.redirectUri(clientRegistration.getRedirectUriTemplate())
|
||||
.redirectUri(clientRegistration.getRedirectUri())
|
||||
.build();
|
||||
OAuth2AuthorizationExchange authorizationExchange =
|
||||
new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse);
|
||||
@ -320,7 +320,7 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
|
||||
.clientSecret(registration.getClientSecret())
|
||||
.clientAuthenticationMethod(registration.getClientAuthenticationMethod())
|
||||
.authorizationGrantType(registration.getAuthorizationGrantType())
|
||||
.redirectUriTemplate(registration.getRedirectUriTemplate())
|
||||
.redirectUri(registration.getRedirectUri())
|
||||
.scope(registration.getScopes())
|
||||
.authorizationUri(registration.getProviderDetails().getAuthorizationUri())
|
||||
.tokenUri(registration.getProviderDetails().getTokenUri())
|
||||
|
@ -51,7 +51,7 @@ public class OAuth2AuthorizationCodeGrantRequestEntityConverterTests {
|
||||
.clientSecret("secret")
|
||||
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
|
||||
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||
.redirectUriTemplate("https://client.com/callback/client-1")
|
||||
.redirectUri("https://client.com/callback/client-1")
|
||||
.scope("read", "write")
|
||||
.authorizationUri("https://provider.com/oauth2/authorize")
|
||||
.tokenUri("https://provider.com/oauth2/token")
|
||||
@ -99,7 +99,7 @@ public class OAuth2AuthorizationCodeGrantRequestEntityConverterTests {
|
||||
assertThat(formParameters.getFirst(OAuth2ParameterNames.CODE)).isEqualTo("code-1234");
|
||||
assertThat(formParameters.getFirst(OAuth2ParameterNames.CLIENT_ID)).isNull();
|
||||
assertThat(formParameters.getFirst(OAuth2ParameterNames.REDIRECT_URI)).isEqualTo(
|
||||
clientRegistration.getRedirectUriTemplate());
|
||||
clientRegistration.getRedirectUri());
|
||||
}
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
@ -145,7 +145,7 @@ public class OAuth2AuthorizationCodeGrantRequestEntityConverterTests {
|
||||
AuthorizationGrantType.AUTHORIZATION_CODE.getValue());
|
||||
assertThat(formParameters.getFirst(OAuth2ParameterNames.CODE)).isEqualTo("code-1234");
|
||||
assertThat(formParameters.getFirst(OAuth2ParameterNames.REDIRECT_URI)).isEqualTo(
|
||||
clientRegistration.getRedirectUriTemplate());
|
||||
clientRegistration.getRedirectUri());
|
||||
assertThat(formParameters.getFirst(OAuth2ParameterNames.CLIENT_ID)).isEqualTo("client-1");
|
||||
assertThat(formParameters.getFirst(PkceParameterNames.CODE_VERIFIER)).isEqualTo("code-verifier-1234");
|
||||
}
|
||||
|
@ -55,7 +55,7 @@ public class OAuth2ClientCredentialsGrantRequestTests {
|
||||
ClientRegistration clientRegistration = ClientRegistration.withRegistrationId("registration-1")
|
||||
.clientId("client-1")
|
||||
.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
|
||||
.redirectUriTemplate("https://localhost:8080/redirect-uri")
|
||||
.redirectUri("https://localhost:8080/redirect-uri")
|
||||
.authorizationUri("https://provider.com/oauth2/auth")
|
||||
.clientName("Client 1")
|
||||
.build();
|
||||
|
@ -252,13 +252,13 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
|
||||
.clientId(registration.getClientId())
|
||||
.state("state")
|
||||
.authorizationUri(registration.getProviderDetails().getAuthorizationUri())
|
||||
.redirectUri(registration.getRedirectUriTemplate())
|
||||
.redirectUri(registration.getRedirectUri())
|
||||
.scopes(registration.getScopes())
|
||||
.build();
|
||||
OAuth2AuthorizationResponse authorizationResponse = OAuth2AuthorizationResponse
|
||||
.success("code")
|
||||
.state("state")
|
||||
.redirectUri(registration.getRedirectUriTemplate())
|
||||
.redirectUri(registration.getRedirectUri())
|
||||
.build();
|
||||
OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
|
||||
authorizationResponse);
|
||||
@ -331,7 +331,7 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
|
||||
.clientId(registration.getClientId())
|
||||
.state("state")
|
||||
.authorizationUri(registration.getProviderDetails().getAuthorizationUri())
|
||||
.redirectUri(registration.getRedirectUriTemplate())
|
||||
.redirectUri(registration.getRedirectUri())
|
||||
.scopes(registration.getScopes())
|
||||
.attributes(attributes)
|
||||
.additionalParameters(additionalParameters)
|
||||
@ -339,7 +339,7 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
|
||||
OAuth2AuthorizationResponse authorizationResponse = OAuth2AuthorizationResponse
|
||||
.success("code")
|
||||
.state("state")
|
||||
.redirectUri(registration.getRedirectUriTemplate())
|
||||
.redirectUri(registration.getRedirectUri())
|
||||
.build();
|
||||
OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
|
||||
authorizationResponse);
|
||||
|
@ -124,8 +124,8 @@ public class OAuth2AuthorizedClientMixinTests {
|
||||
.isEqualTo(expectedClientRegistration.getClientAuthenticationMethod());
|
||||
assertThat(clientRegistration.getAuthorizationGrantType())
|
||||
.isEqualTo(expectedClientRegistration.getAuthorizationGrantType());
|
||||
assertThat(clientRegistration.getRedirectUriTemplate())
|
||||
.isEqualTo(expectedClientRegistration.getRedirectUriTemplate());
|
||||
assertThat(clientRegistration.getRedirectUri())
|
||||
.isEqualTo(expectedClientRegistration.getRedirectUri());
|
||||
assertThat(clientRegistration.getScopes())
|
||||
.isEqualTo(expectedClientRegistration.getScopes());
|
||||
assertThat(clientRegistration.getProviderDetails().getAuthorizationUri())
|
||||
@ -194,8 +194,8 @@ public class OAuth2AuthorizedClientMixinTests {
|
||||
.isEqualTo(expectedClientRegistration.getClientAuthenticationMethod());
|
||||
assertThat(clientRegistration.getAuthorizationGrantType())
|
||||
.isEqualTo(expectedClientRegistration.getAuthorizationGrantType());
|
||||
assertThat(clientRegistration.getRedirectUriTemplate())
|
||||
.isEqualTo(expectedClientRegistration.getRedirectUriTemplate());
|
||||
assertThat(clientRegistration.getRedirectUri())
|
||||
.isEqualTo(expectedClientRegistration.getRedirectUri());
|
||||
assertThat(clientRegistration.getScopes())
|
||||
.isEqualTo(expectedClientRegistration.getScopes());
|
||||
assertThat(clientRegistration.getProviderDetails().getAuthorizationUri())
|
||||
@ -263,7 +263,7 @@ public class OAuth2AuthorizedClientMixinTests {
|
||||
" \"authorizationGrantType\": {\n" +
|
||||
" \"value\": \"" + clientRegistration.getAuthorizationGrantType().getValue() + "\"\n" +
|
||||
" },\n" +
|
||||
" \"redirectUriTemplate\": \"" + clientRegistration.getRedirectUriTemplate() + "\",\n" +
|
||||
" \"redirectUri\": \"" + clientRegistration.getRedirectUri() + "\",\n" +
|
||||
" \"scopes\": [\n" +
|
||||
" \"java.util.Collections$UnmodifiableSet\",\n" +
|
||||
" [" + scopes + "]\n" +
|
||||
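Review bot: The expected JSON in the last hunk now pins only the `"redirectUri"` key, so nothing in this section checks what happens to a payload written before the change, which carries `"redirectUriTemplate"`. The deserializer is not visible here; if it reads only the new key, an authorized client that was serialized and stored by an earlier version would presumably come back without a redirect URI or fail to load after the upgrade. I would add a test that feeds JSON containing the legacy `"redirectUriTemplate"` key and asserts `clientRegistration.getRedirectUri()` is populated, or state the format change in the migration notes. The string being built starts and ends outside the hunk.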
|
@ -380,13 +380,13 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
|
||||
.state("state")
|
||||
.clientId(clientRegistration.getClientId())
|
||||
.authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri())
|
||||
.redirectUri(clientRegistration.getRedirectUriTemplate())
|
||||
.redirectUri(clientRegistration.getRedirectUri())
|
||||
.scopes(clientRegistration.getScopes())
|
||||
.additionalParameters(additionalParameters)
|
||||
.attributes(attributes)
|
||||
.build();
|
||||
OAuth2AuthorizationResponse authorizationResponse = this.authorizationResponseBldr
|
||||
.redirectUri(clientRegistration.getRedirectUriTemplate())
|
||||
.redirectUri(clientRegistration.getRedirectUri())
|
||||
.build();
|
||||
OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
|
||||
authorizationResponse);
|
||||
|
@ -67,7 +67,7 @@ public class ClientRegistrationTests {
|
||||
.clientSecret(CLIENT_SECRET)
|
||||
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
|
||||
.authorizationGrantType(null)
|
||||
.redirectUriTemplate(REDIRECT_URI)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
.scope(SCOPES.toArray(new String[0]))
|
||||
.authorizationUri(AUTHORIZATION_URI)
|
||||
.tokenUri(TOKEN_URI)
|
||||
@ -84,7 +84,7 @@ public class ClientRegistrationTests {
|
||||
.clientSecret(CLIENT_SECRET)
|
||||
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
|
||||
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||
.redirectUriTemplate(REDIRECT_URI)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
.scope(SCOPES.toArray(new String[0]))
|
||||
.authorizationUri(AUTHORIZATION_URI)
|
||||
.tokenUri(TOKEN_URI)
|
||||
@ -100,7 +100,7 @@ public class ClientRegistrationTests {
|
||||
assertThat(registration.getClientSecret()).isEqualTo(CLIENT_SECRET);
|
||||
assertThat(registration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
|
||||
assertThat(registration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
|
||||
assertThat(registration.getRedirectUriTemplate()).isEqualTo(REDIRECT_URI);
|
||||
assertThat(registration.getRedirectUri()).isEqualTo(REDIRECT_URI);
|
||||
assertThat(registration.getScopes()).isEqualTo(SCOPES);
|
||||
assertThat(registration.getProviderDetails().getAuthorizationUri()).isEqualTo(AUTHORIZATION_URI);
|
||||
assertThat(registration.getProviderDetails().getTokenUri()).isEqualTo(TOKEN_URI);
|
||||
@ -118,7 +118,7 @@ public class ClientRegistrationTests {
|
||||
.clientSecret(CLIENT_SECRET)
|
||||
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
|
||||
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||
.redirectUriTemplate(REDIRECT_URI)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
.scope(SCOPES.toArray(new String[0]))
|
||||
.authorizationUri(AUTHORIZATION_URI)
|
||||
.tokenUri(TOKEN_URI)
|
||||
@ -135,7 +135,7 @@ public class ClientRegistrationTests {
|
||||
.clientSecret(CLIENT_SECRET)
|
||||
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
|
||||
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||
.redirectUriTemplate(REDIRECT_URI)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
.scope(SCOPES.toArray(new String[0]))
|
||||
.authorizationUri(AUTHORIZATION_URI)
|
||||
.tokenUri(TOKEN_URI)
|
||||
@ -152,7 +152,7 @@ public class ClientRegistrationTests {
|
||||
.clientSecret(null)
|
||||
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
|
||||
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||
.redirectUriTemplate(REDIRECT_URI)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
.scope(SCOPES.toArray(new String[0]))
|
||||
.authorizationUri(AUTHORIZATION_URI)
|
||||
.tokenUri(TOKEN_URI)
|
||||
@ -169,7 +169,7 @@ public class ClientRegistrationTests {
|
||||
.clientId(CLIENT_ID)
|
||||
.clientSecret(CLIENT_SECRET)
|
||||
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||
.redirectUriTemplate(REDIRECT_URI)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
.scope(SCOPES.toArray(new String[0]))
|
||||
.authorizationUri(AUTHORIZATION_URI)
|
||||
.tokenUri(TOKEN_URI)
|
||||
@ -186,7 +186,7 @@ public class ClientRegistrationTests {
|
||||
.clientId(CLIENT_ID)
|
||||
.clientSecret(null)
|
||||
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||
.redirectUriTemplate(REDIRECT_URI)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
.scope(SCOPES.toArray(new String[0]))
|
||||
.authorizationUri(AUTHORIZATION_URI)
|
||||
.tokenUri(TOKEN_URI)
|
||||
@ -203,7 +203,7 @@ public class ClientRegistrationTests {
|
||||
.clientId(CLIENT_ID)
|
||||
.clientSecret(" ")
|
||||
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||
.redirectUriTemplate(REDIRECT_URI)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
.scope(SCOPES.toArray(new String[0]))
|
||||
.authorizationUri(AUTHORIZATION_URI)
|
||||
.tokenUri(TOKEN_URI)
|
||||
@ -222,7 +222,7 @@ public class ClientRegistrationTests {
|
||||
.clientSecret(CLIENT_SECRET)
|
||||
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
|
||||
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||
.redirectUriTemplate(null)
|
||||
.redirectUri(null)
|
||||
.scope(SCOPES.toArray(new String[0]))
|
||||
.authorizationUri(AUTHORIZATION_URI)
|
||||
.tokenUri(TOKEN_URI)
|
||||
@ -240,7 +240,7 @@ public class ClientRegistrationTests {
|
||||
.clientSecret(CLIENT_SECRET)
|
||||
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
|
||||
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||
.redirectUriTemplate(REDIRECT_URI)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
.scope((String[]) null)
|
||||
.authorizationUri(AUTHORIZATION_URI)
|
||||
.tokenUri(TOKEN_URI)
|
||||
@ -257,7 +257,7 @@ public class ClientRegistrationTests {
|
||||
.clientSecret(CLIENT_SECRET)
|
||||
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
|
||||
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||
.redirectUriTemplate(REDIRECT_URI)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
.scope(SCOPES.toArray(new String[0]))
|
||||
.authorizationUri(null)
|
||||
.tokenUri(TOKEN_URI)
|
||||
@ -274,7 +274,7 @@ public class ClientRegistrationTests {
|
||||
.clientSecret(CLIENT_SECRET)
|
||||
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
|
||||
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||
.redirectUriTemplate(REDIRECT_URI)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
.scope(SCOPES.toArray(new String[0]))
|
||||
.authorizationUri(AUTHORIZATION_URI)
|
||||
.tokenUri(null)
|
||||
@ -291,7 +291,7 @@ public class ClientRegistrationTests {
|
||||
.clientSecret(CLIENT_SECRET)
|
||||
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
|
||||
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||
.redirectUriTemplate(REDIRECT_URI)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
.scope(SCOPES.toArray(new String[0]))
|
||||
.authorizationUri(AUTHORIZATION_URI)
|
||||
.tokenUri(TOKEN_URI)
|
||||
@ -308,7 +308,7 @@ public class ClientRegistrationTests {
|
||||
.clientSecret(CLIENT_SECRET)
|
||||
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
|
||||
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||
.redirectUriTemplate(REDIRECT_URI)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
.scope("scope1")
|
||||
.authorizationUri(AUTHORIZATION_URI)
|
||||
.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
|
||||
@ -325,7 +325,7 @@ public class ClientRegistrationTests {
|
||||
.clientSecret(CLIENT_SECRET)
|
||||
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
|
||||
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||
.redirectUriTemplate(REDIRECT_URI)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
.authorizationUri(AUTHORIZATION_URI)
|
||||
.tokenUri(TOKEN_URI)
|
||||
.clientName(CLIENT_NAME)
|
||||
@ -339,7 +339,7 @@ public class ClientRegistrationTests {
|
||||
.clientSecret(CLIENT_SECRET)
|
||||
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
|
||||
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||
.redirectUriTemplate(REDIRECT_URI)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
.scope(SCOPES.toArray(new String[0]))
|
||||
.authorizationUri(AUTHORIZATION_URI)
|
||||
.tokenUri(TOKEN_URI)
|
||||
@ -359,7 +359,7 @@ public class ClientRegistrationTests {
|
||||
.clientSecret(CLIENT_SECRET)
|
||||
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
|
||||
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||
.redirectUriTemplate(REDIRECT_URI)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
.scope(SCOPES.toArray(new String[0]))
|
||||
.authorizationUri(AUTHORIZATION_URI)
|
||||
.tokenUri(TOKEN_URI)
|
||||
@ -377,7 +377,7 @@ public class ClientRegistrationTests {
|
||||
ClientRegistration registration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
|
||||
.clientId(CLIENT_ID)
|
||||
.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
|
||||
.redirectUriTemplate(REDIRECT_URI)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
.scope(SCOPES.toArray(new String[0]))
|
||||
.authorizationUri(AUTHORIZATION_URI)
|
||||
.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
|
||||
@ -387,7 +387,7 @@ public class ClientRegistrationTests {
|
||||
assertThat(registration.getRegistrationId()).isEqualTo(REGISTRATION_ID);
|
||||
assertThat(registration.getClientId()).isEqualTo(CLIENT_ID);
|
||||
assertThat(registration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.IMPLICIT);
|
||||
assertThat(registration.getRedirectUriTemplate()).isEqualTo(REDIRECT_URI);
|
||||
assertThat(registration.getRedirectUri()).isEqualTo(REDIRECT_URI);
|
||||
assertThat(registration.getScopes()).isEqualTo(SCOPES);
|
||||
assertThat(registration.getProviderDetails().getAuthorizationUri()).isEqualTo(AUTHORIZATION_URI);
|
||||
assertThat(registration.getProviderDetails().getUserInfoEndpoint().getAuthenticationMethod()).isEqualTo(AuthenticationMethod.FORM);
|
||||
@ -399,7 +399,7 @@ public class ClientRegistrationTests {
|
||||
ClientRegistration.withRegistrationId(null)
|
||||
.clientId(CLIENT_ID)
|
||||
.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
|
||||
.redirectUriTemplate(REDIRECT_URI)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
.scope(SCOPES.toArray(new String[0]))
|
||||
.authorizationUri(AUTHORIZATION_URI)
|
||||
.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
|
||||
@ -412,7 +412,7 @@ public class ClientRegistrationTests {
|
||||
ClientRegistration.withRegistrationId(REGISTRATION_ID)
|
||||
.clientId(null)
|
||||
.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
|
||||
.redirectUriTemplate(REDIRECT_URI)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
.scope(SCOPES.toArray(new String[0]))
|
||||
.authorizationUri(AUTHORIZATION_URI)
|
||||
.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
|
||||
@ -425,7 +425,7 @@ public class ClientRegistrationTests {
|
||||
ClientRegistration.withRegistrationId(REGISTRATION_ID)
|
||||
.clientId(CLIENT_ID)
|
||||
.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
|
||||
.redirectUriTemplate(null)
|
||||
.redirectUri(null)
|
||||
.scope(SCOPES.toArray(new String[0]))
|
||||
.authorizationUri(AUTHORIZATION_URI)
|
||||
.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
|
||||
@ -439,7 +439,7 @@ public class ClientRegistrationTests {
|
||||
ClientRegistration.withRegistrationId(REGISTRATION_ID)
|
||||
.clientId(CLIENT_ID)
|
||||
.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
|
||||
.redirectUriTemplate(REDIRECT_URI)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
.scope((String[]) null)
|
||||
.authorizationUri(AUTHORIZATION_URI)
|
||||
.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
|
||||
@ -452,7 +452,7 @@ public class ClientRegistrationTests {
|
||||
ClientRegistration.withRegistrationId(REGISTRATION_ID)
|
||||
.clientId(CLIENT_ID)
|
||||
.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
|
||||
.redirectUriTemplate(REDIRECT_URI)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
.scope(SCOPES.toArray(new String[0]))
|
||||
.authorizationUri(null)
|
||||
.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
|
||||
@ -465,7 +465,7 @@ public class ClientRegistrationTests {
|
||||
ClientRegistration clientRegistration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
|
||||
.clientId(CLIENT_ID)
|
||||
.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
|
||||
.redirectUriTemplate(REDIRECT_URI)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
.scope(SCOPES.toArray(new String[0]))
|
||||
.authorizationUri(AUTHORIZATION_URI)
|
||||
.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
|
||||
@ -482,7 +482,7 @@ public class ClientRegistrationTests {
|
||||
.clientSecret(CLIENT_SECRET)
|
||||
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
|
||||
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||
.redirectUriTemplate(REDIRECT_URI)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
.scope(SCOPES.toArray(new String[0]))
|
||||
.authorizationUri(AUTHORIZATION_URI)
|
||||
.tokenUri(TOKEN_URI)
|
||||
@ -726,8 +726,8 @@ public class ClientRegistrationTests {
|
||||
.isEqualTo(updated.getClientAuthenticationMethod());
|
||||
assertThat(clientRegistration.getAuthorizationGrantType())
|
||||
.isEqualTo(updated.getAuthorizationGrantType());
|
||||
assertThat(clientRegistration.getRedirectUriTemplate())
|
||||
.isEqualTo(updated.getRedirectUriTemplate());
|
||||
assertThat(clientRegistration.getRedirectUri())
|
||||
.isEqualTo(updated.getRedirectUri());
|
||||
assertThat(clientRegistration.getScopes()).isEqualTo(updated.getScopes());
|
||||
|
||||
ClientRegistration.ProviderDetails providerDetails = clientRegistration.getProviderDetails();
|
||||
@ -780,7 +780,7 @@ public class ClientRegistrationTests {
|
||||
.clientId(CLIENT_ID)
|
||||
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||
.clientAuthenticationMethod(clientAuthenticationMethod)
|
||||
.redirectUriTemplate(REDIRECT_URI)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
.authorizationUri(AUTHORIZATION_URI)
|
||||
.tokenUri(TOKEN_URI)
|
||||
.build();
|
||||
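Review bot: Every call in this section moves to `redirectUri(...)` and `getRedirectUri()`, so the deprecated `redirectUriTemplate(...)` builder method and `getRedirectUriTemplate()` getter are no longer exercised here although the commit deprecates them rather than removing them. While they remain public API, I would keep one test that builds with `.redirectUriTemplate(REDIRECT_URI)` and asserts that `registration.getRedirectUri()` and `registration.getRedirectUriTemplate()` both equal `REDIRECT_URI`, so the two names cannot drift apart unnoticed. Coverage may exist in a file outside this view; if so, a short comment pointing to it would do. The test methods touched by these hunks all start and end outside the hunks.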
|
@ -26,7 +26,7 @@ import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
|
||||
public class TestClientRegistrations {
|
||||
public static ClientRegistration.Builder clientRegistration() {
|
||||
return ClientRegistration.withRegistrationId("registration-id")
|
||||
.redirectUriTemplate("{baseUrl}/{action}/oauth2/code/{registrationId}")
|
||||
.redirectUri("{baseUrl}/{action}/oauth2/code/{registrationId}")
|
||||
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
|
||||
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||
.scope("read:user")
|
||||
@ -43,7 +43,7 @@ public class TestClientRegistrations {
|
||||
|
||||
public static ClientRegistration.Builder clientRegistration2() {
|
||||
return ClientRegistration.withRegistrationId("registration-id-2")
|
||||
.redirectUriTemplate("{baseUrl}/{action}/oauth2/code/{registrationId}")
|
||||
.redirectUri("{baseUrl}/{action}/oauth2/code/{registrationId}")
|
||||
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
|
||||
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||
.scope("read:user")
|
||||
|
@ -48,7 +48,7 @@ public class OAuth2UserRequestTests {
|
||||
.clientSecret("secret")
|
||||
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
|
||||
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||
.redirectUriTemplate("https://client.com")
|
||||
.redirectUri("https://client.com")
|
||||
.scope(new LinkedHashSet<>(Arrays.asList("scope1", "scope2")))
|
||||
.authorizationUri("https://provider.com/oauth2/authorization")
|
||||
.tokenUri("https://provider.com/oauth2/token")
|
||||
|
@ -184,7 +184,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
|
||||
|
||||
OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
|
||||
assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(
|
||||
clientRegistration.getRedirectUriTemplate());
|
||||
clientRegistration.getRedirectUri());
|
||||
assertThat(authorizationRequest.getRedirectUri()).isEqualTo(
|
||||
"http://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId());
|
||||
}
|
||||
@ -198,7 +198,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
|
||||
request.setServletPath(requestUri);
|
||||
|
||||
OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
|
||||
assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUriTemplate());
|
||||
assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri());
|
||||
assertThat(authorizationRequest.getRedirectUri()).isEqualTo(
|
||||
"http://localhost:8080/login/oauth2/code/" + clientRegistration.getRegistrationId());
|
||||
}
|
||||
@ -213,7 +213,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
|
||||
request.setServletPath(requestUri);
|
||||
|
||||
OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
|
||||
assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUriTemplate());
|
||||
assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri());
|
||||
assertThat(authorizationRequest.getRedirectUri()).isEqualTo(
|
||||
"https://localhost:8081/login/oauth2/code/" + clientRegistration.getRegistrationId());
|
||||
}
|
||||
@ -228,7 +228,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
|
||||
request.setServletPath(requestUri);
|
||||
|
||||
OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
|
||||
assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUriTemplate());
|
||||
assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri());
|
||||
assertThat(authorizationRequest.getRedirectUri()).isEqualTo(
|
||||
"http://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId());
|
||||
}
|
||||
@ -243,7 +243,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
|
||||
request.setServletPath(requestUri);
|
||||
|
||||
OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
|
||||
assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUriTemplate());
|
||||
assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri());
|
||||
assertThat(authorizationRequest.getRedirectUri()).isEqualTo(
|
||||
"https://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId());
|
||||
}
|
||||
@ -258,7 +258,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
|
||||
request.setServletPath(requestUri);
|
||||
|
||||
OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
|
||||
assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUriTemplate());
|
||||
assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri());
|
||||
assertThat(authorizationRequest.getRedirectUri()).isEqualTo(
|
||||
"https://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId());
|
||||
}
|
||||
@ -274,7 +274,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
|
||||
|
||||
OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
|
||||
assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(
|
||||
clientRegistration.getRedirectUriTemplate());
|
||||
clientRegistration.getRedirectUri());
|
||||
assertThat(authorizationRequest.getRedirectUri()).isEqualTo(
|
||||
"http://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId());
|
||||
}
|
||||
@ -518,7 +518,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
|
||||
|
||||
private static ClientRegistration.Builder fineRedirectUriTemplateClientRegistration() {
|
||||
return ClientRegistration.withRegistrationId("fine-redirect-uri-template-client-registration")
|
||||
.redirectUriTemplate("{baseScheme}://{baseHost}{basePort}{basePath}/{action}/oauth2/code/{registrationId}")
|
||||
.redirectUri("{baseScheme}://{baseHost}{basePort}{basePath}/{action}/oauth2/code/{registrationId}")
|
||||
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
|
||||
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||
.scope("read:user")
|
||||
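Review bot: In the last hunk the helper `fineRedirectUriTemplateClientRegistration()` and its registration id `"fine-redirect-uri-template-client-registration"` keep the deprecated term while the body now calls `.redirectUri(...)`. Renaming the helper to `fineRedirectUriClientRegistration()` would keep the test vocabulary aligned with the new API. The id string probably appears in request paths elsewhere in the class, so it should only change together with those. A one-line comment such as `// redirectUri may hold a URI template; the resolver expands it per request` above the `isNotEqualTo(clientRegistration.getRedirectUri())` assertions would also explain why the resolved value is expected to differ from the registered one. The helper's body continues past the end of the hunk.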
|
@ -65,7 +65,7 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
|
||||
this.registration3 = TestClientRegistrations.clientRegistration()
|
||||
.registrationId("registration-3")
|
||||
.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
|
||||
.redirectUriTemplate("{baseUrl}/authorize/oauth2/implicit/{registrationId}")
|
||||
.redirectUri("{baseUrl}/authorize/oauth2/implicit/{registrationId}")
|
||||
.build();
|
||||
this.clientRegistrationRepository = new InMemoryClientRegistrationRepository(
|
||||
this.registration1, this.registration2, this.registration3);
|
||||
|
@ -213,7 +213,7 @@ public class OAuth2LoginAuthenticationFilterTests {
|
||||
.clientSecret("secret")
|
||||
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
|
||||
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||
.redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}")
|
||||
.redirectUri("{baseUrl}/login/oauth2/code/{registrationId}")
|
||||
.scope("user")
|
||||
.authorizationUri("https://provider.com/oauth2/authorize")
|
||||
.tokenUri("https://provider.com/oauth2/token")
|
||||
@ -455,7 +455,7 @@ public class OAuth2LoginAuthenticationFilterTests {
|
||||
uriVariables.put("action", "login");
|
||||
uriVariables.put("registrationId", clientRegistration.getRegistrationId());
|
||||
|
||||
return UriComponentsBuilder.fromUriString(clientRegistration.getRedirectUriTemplate())
|
||||
return UriComponentsBuilder.fromUriString(clientRegistration.getRedirectUri())
|
||||
.buildAndExpand(uriVariables)
|
||||
.toUriString();
|
||||
}
|
||||
|
@ -94,7 +94,7 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
|
||||
.clientSecret("secret")
|
||||
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
|
||||
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||
.redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}")
|
||||
.redirectUri("{baseUrl}/login/oauth2/code/{registrationId}")
|
||||
.scope("user")
|
||||
.authorizationUri("https://provider.com/oauth2/authorize")
|
||||
.tokenUri("https://provider.com/oauth2/token")
|
||||
|
@ -57,7 +57,7 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTest {
|
||||
private String clientRegistrationId = "github";
|
||||
|
||||
private ClientRegistration clientRegistration = ClientRegistration.withRegistrationId(this.clientRegistrationId)
|
||||
.redirectUriTemplate("{baseUrl}/{action}/oauth2/code/{registrationId}")
|
||||
.redirectUri("{baseUrl}/{action}/oauth2/code/{registrationId}")
|
||||
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
|
||||
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||
.scope("read:user")
|
||||
|
@ -97,11 +97,11 @@ public class OAuth2LoginAuthenticationWebFilterTests {
|
||||
.state("state")
|
||||
.clientId(clientRegistration.getClientId())
|
||||
.authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri())
|
||||
.redirectUri(clientRegistration.getRedirectUriTemplate())
|
||||
.redirectUri(clientRegistration.getRedirectUri())
|
||||
.scopes(clientRegistration.getScopes())
|
||||
.build();
|
||||
OAuth2AuthorizationResponse authorizationResponse = this.authorizationResponseBldr
|
||||
.redirectUri(clientRegistration.getRedirectUriTemplate())
|
||||
.redirectUri(clientRegistration.getRedirectUri())
|
||||
.build();
|
||||
OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
|
||||
authorizationResponse);
|
||||
|