From 1e891b38ab678ebd7519c3bafb166c75fb2a1d9f Mon Sep 17 00:00:00 2001
From: Joe Grandja
Date: Wed, 18 Oct 2017 16:41:57 -0400
Subject: [PATCH] Rename scope -> scopes for Set types
Fixes gh-4644
---
.../oauth2/client/CommonOAuth2Provider.java | 8 ++---
.../client/CommonOAuth2ProviderTests.java | 8 ++---
...thorizationCodeAuthenticationProvider.java | 4 +--
...NimbusAuthorizationCodeTokenExchanger.java | 6 ++--
.../OAuth2ClientAuthenticationToken.java | 10 +++---
.../OAuth2UserAuthenticationProvider.java | 2 +-
.../registration/ClientRegistration.java | 34 +++++++++----------
.../token/InMemoryAccessTokenRepository.java | 3 +-
.../AuthorizationRequestRedirectFilter.java | 2 +-
...DefaultAuthorizationRequestUriBuilder.java | 2 +-
...thorizationCodeAuthenticationProvider.java | 4 +--
.../userinfo/OidcUserService.java | 2 +-
...rizationCodeAuthenticationFilterTests.java | 2 +-
...thorizationRequestRedirectFilterTests.java | 2 +-
...ltAuthorizationRequestUriBuilderTests.java | 2 +-
.../security/oauth2/core/AccessToken.java | 12 +++----
.../core/endpoint/AuthorizationRequest.java | 18 +++++-----
.../oauth2/core/endpoint/TokenResponse.java | 12 +++----
.../endpoint/AuthorizationRequestTest.java | 20 +++++------
.../core/endpoint/TokenResponseTest.java | 4 +--
.../samples/OAuth2LoginApplicationTests.java | 3 +-
21 files changed, 79 insertions(+), 81 deletions(-)
diff --git a/config/src/main/java/org/springframework/security/config/oauth2/client/CommonOAuth2Provider.java b/config/src/main/java/org/springframework/security/config/oauth2/client/CommonOAuth2Provider.java
index 9d823735f2..38a1bad3eb 100644
--- a/config/src/main/java/org/springframework/security/config/oauth2/client/CommonOAuth2Provider.java
+++ b/config/src/main/java/org/springframework/security/config/oauth2/client/CommonOAuth2Provider.java
@@ -37,7 +37,7 @@ public enum CommonOAuth2Provider { public Builder getBuilder(String registrationId) { ClientRegistration.Builder builder = getBuilder(registrationId, ClientAuthenticationMethod.BASIC, DEFAULT_REDIRECT_URL); - builder.scope("openid", "profile", "email", "address", "phone"); + builder.scopes("openid", "profile", "email", "address", "phone"); builder.authorizationUri("https://accounts.google.com/o/oauth2/v2/auth"); builder.tokenUri("https://www.googleapis.com/oauth2/v4/token"); builder.jwkSetUri("https://www.googleapis.com/oauth2/v3/certs"); @@ -54,7 +54,7 @@ public enum CommonOAuth2Provider { public Builder getBuilder(String registrationId) { ClientRegistration.Builder builder = getBuilder(registrationId, ClientAuthenticationMethod.BASIC, DEFAULT_REDIRECT_URL); - builder.scope("user"); + builder.scopes("user"); builder.authorizationUri("https://github.com/login/oauth/authorize"); builder.tokenUri("https://github.com/login/oauth/access_token"); builder.userInfoUri("https://api.github.com/user"); @@ -70,7 +70,7 @@ public enum CommonOAuth2Provider { public Builder getBuilder(String registrationId) { ClientRegistration.Builder builder = getBuilder(registrationId, ClientAuthenticationMethod.POST, DEFAULT_REDIRECT_URL); - builder.scope("public_profile", "email"); + builder.scopes("public_profile", "email"); builder.authorizationUri("https://www.facebook.com/v2.8/dialog/oauth"); builder.tokenUri("https://graph.facebook.com/v2.8/oauth/access_token"); builder.userInfoUri("https://graph.facebook.com/me"); @@ -86,7 +86,7 @@ public enum CommonOAuth2Provider { public Builder getBuilder(String registrationId) { ClientRegistration.Builder builder = getBuilder(registrationId, ClientAuthenticationMethod.BASIC, DEFAULT_REDIRECT_URL); - builder.scope("openid", "profile", "email", "address", "phone"); + builder.scopes("openid", "profile", "email", "address", "phone"); builder.userNameAttributeName(IdTokenClaim.SUB); builder.clientName("Okta"); return builder; 
diff --git a/config/src/test/java/org/springframework/security/config/oauth2/client/CommonOAuth2ProviderTests.java b/config/src/test/java/org/springframework/security/config/oauth2/client/CommonOAuth2ProviderTests.java index 5074b07f48..b709448015 100644 --- a/config/src/test/java/org/springframework/security/config/oauth2/client/CommonOAuth2ProviderTests.java +++ b/config/src/test/java/org/springframework/security/config/oauth2/client/CommonOAuth2ProviderTests.java @@ -52,7 +52,7 @@ public class CommonOAuth2ProviderTests { assertThat(registration.getAuthorizationGrantType()) .isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE); assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_REDIRECT_URL); - assertThat(registration.getScope()).containsOnly("openid", "profile", "email", + assertThat(registration.getScopes()).containsOnly("openid", "profile", "email", "address", "phone"); assertThat(registration.getClientName()).isEqualTo("Google"); assertThat(registration.getRegistrationId()).isEqualTo("123"); @@ -76,7 +76,7 @@ public class CommonOAuth2ProviderTests { assertThat(registration.getAuthorizationGrantType()) .isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE); assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_REDIRECT_URL); - assertThat(registration.getScope()).containsOnly("user"); + assertThat(registration.getScopes()).containsOnly("user"); assertThat(registration.getClientName()).isEqualTo("GitHub"); assertThat(registration.getRegistrationId()).isEqualTo("123"); } 
@@ -99,7 +99,7 @@ public class CommonOAuth2ProviderTests { assertThat(registration.getAuthorizationGrantType()) .isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE); assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_REDIRECT_URL); - assertThat(registration.getScope()).containsOnly("public_profile", "email"); + assertThat(registration.getScopes()).containsOnly("public_profile", "email"); assertThat(registration.getClientName()).isEqualTo("Facebook"); assertThat(registration.getRegistrationId()).isEqualTo("123"); } @@ -124,7 +124,7 @@ public class CommonOAuth2ProviderTests { assertThat(registration.getAuthorizationGrantType()) .isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE); assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_REDIRECT_URL); - assertThat(registration.getScope()).containsOnly("openid", "profile", "email", + assertThat(registration.getScopes()).containsOnly("openid", "profile", "email", "address", "phone"); assertThat(registration.getClientName()).isEqualTo("Okta"); assertThat(registration.getRegistrationId()).isEqualTo("123"); diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationProvider.java index abb310ea4a..2e9b2f278c 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationProvider.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationProvider.java 
@@ -65,7 +65,7 @@ public class AuthorizationCodeAuthenticationProvider implements AuthenticationPr // Section 3.1.2.1 Authentication Request - http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest // scope // REQUIRED. OpenID Connect requests MUST contain the "openid" scope value. - if (authorizationCodeAuthentication.getAuthorizationRequest().getScope().contains("openid")) { + if (authorizationCodeAuthentication.getAuthorizationRequest().getScopes().contains("openid")) { // This is an OpenID Connect Authentication Request so return null // and let OidcAuthorizationCodeAuthenticationProvider handle it instead return null; @@ -94,7 +94,7 @@ public class AuthorizationCodeAuthenticationProvider implements AuthenticationPr AccessToken accessToken = new AccessToken(tokenResponse.getTokenType(), tokenResponse.getTokenValue(), tokenResponse.getIssuedAt(), - tokenResponse.getExpiresAt(), tokenResponse.getScope()); + tokenResponse.getExpiresAt(), tokenResponse.getScopes()); OAuth2ClientAuthenticationToken clientAuthentication = new OAuth2ClientAuthenticationToken(authorizationCodeAuthentication.getClientRegistration(), accessToken); diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/NimbusAuthorizationCodeTokenExchanger.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/NimbusAuthorizationCodeTokenExchanger.java index 7794500cac..c735e6a9df 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/NimbusAuthorizationCodeTokenExchanger.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/NimbusAuthorizationCodeTokenExchanger.java 
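Review bot: The OpenID check at `@@ -65,7 +65,7` still compares against the string literal `"openid"`, while `OidcAuthorizationCodeAuthenticationProvider` and `ClientRegistration.Builder` in this same patch use `OidcScope.OPENID`. These checks decide which provider handles a request and which one returns null, so they should share one constant: `getScopes().contains(OidcScope.OPENID)`. The same literal appears in `OAuth2UserAuthenticationProvider` (`getAuthorizedScopes().contains("openid")`). Both files would need an `OidcScope` import, which lies outside the hunks shown.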
@@ -122,16 +122,16 @@ public class NimbusAuthorizationCodeTokenExchanger implements AuthorizationGrant accessTokenType = AccessToken.TokenType.BEARER; } long expiresIn = accessTokenResponse.getTokens().getAccessToken().getLifetime(); - Set scope = Collections.emptySet(); + Set scopes = Collections.emptySet(); if (!CollectionUtils.isEmpty(accessTokenResponse.getTokens().getAccessToken().getScope())) { - scope = new LinkedHashSet<>(accessTokenResponse.getTokens().getAccessToken().getScope().toStringList()); + scopes = new LinkedHashSet<>(accessTokenResponse.getTokens().getAccessToken().getScope().toStringList()); } Map additionalParameters = new LinkedHashMap<>(accessTokenResponse.getCustomParameters()); return TokenResponse.withToken(accessToken) .tokenType(accessTokenType) .expiresIn(expiresIn) - .scope(scope) + .scopes(scopes) .additionalParameters(additionalParameters) .build(); } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2ClientAuthenticationToken.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2ClientAuthenticationToken.java index 7b79204d38..88b26c7ef4 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2ClientAuthenticationToken.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2ClientAuthenticationToken.java 
@@ -74,13 +74,13 @@ public class OAuth2ClientAuthenticationToken extends AbstractAuthenticationToken return this.accessToken; } - public final Set getAuthorizedScope() { + public final Set getAuthorizedScopes() { // As per spec, in section 5.1 Successful Access Token Response // https://tools.ietf.org/html/rfc6749#section-5.1 - // If AccessToken.scope is empty, then default to the scope + // If AccessToken.scopes is empty, then default to the scopes // originally requested by the client in the Authorization Request - return (CollectionUtils.isEmpty(this.getAccessToken().getScope()) ? - this.getClientRegistration().getScope() : - this.getAccessToken().getScope()); + return (CollectionUtils.isEmpty(this.getAccessToken().getScopes()) ? + this.getClientRegistration().getScopes() : + this.getAccessToken().getScopes()); } } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/userinfo/OAuth2UserAuthenticationProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/userinfo/OAuth2UserAuthenticationProvider.java index 0c1fcd1a4b..e43d42da30 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/userinfo/OAuth2UserAuthenticationProvider.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/userinfo/OAuth2UserAuthenticationProvider.java 
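Review bot: `getAuthorizedScopes()` falls back to `getClientRegistration().getScopes()` when the access token carries no scopes, while the comment above it says the default is the scopes requested in the Authorization Request. The two agree only while every authorization request is built from the registration's full scope set, as `AuthorizationRequestRedirectFilter` does elsewhere in this patch. If a request ever asks for a subset, this method would report more scopes than were requested, and `OidcUserService` bases its UserInfo decision on this value. I would state the assumption in the comment, e.g. `// NOTE: assumes the Authorization Request was sent with exactly ClientRegistration.getScopes()`, or read the scopes from the stored request instead.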
@@ -64,7 +64,7 @@ public class OAuth2UserAuthenticationProvider implements AuthenticationProvider // Section 3.1.2.1 Authentication Request - http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest // scope // REQUIRED. OpenID Connect requests MUST contain the "openid" scope value. - if (clientAuthentication.getAuthorizedScope().contains("openid")) { + if (clientAuthentication.getAuthorizedScopes().contains("openid")) { // This is an OpenID Connect Authentication Request so return null // and let OidcUserAuthenticationProvider handle it instead return null; diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java index 40254bc5a8..a8b458c46f 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java @@ -40,7 +40,7 @@ public class ClientRegistration { private ClientAuthenticationMethod clientAuthenticationMethod = ClientAuthenticationMethod.BASIC; private AuthorizationGrantType authorizationGrantType; private String redirectUri; - private Set scope = Collections.emptySet(); + private Set scopes = Collections.emptySet(); private ProviderDetails providerDetails = new ProviderDetails(); private String clientName; @@ -95,12 +95,12 @@ public class ClientRegistration { this.redirectUri = redirectUri; } - public Set getScope() { - return this.scope; + public Set getScopes() { + return this.scopes; } - protected void setScope(Set scope) { - this.scope = scope; + protected void setScopes(Set scopes) { + this.scopes = scopes; } public ProviderDetails getProviderDetails() { 
@@ -192,7 +192,7 @@ public class ClientRegistration { private ClientAuthenticationMethod clientAuthenticationMethod = ClientAuthenticationMethod.BASIC; private AuthorizationGrantType authorizationGrantType; private String redirectUri; - private Set scope; + private Set scopes; private String authorizationUri; private String tokenUri; private String userInfoUri; @@ -212,7 +212,7 @@ public class ClientRegistration { this.authorizationGrantType(clientRegistrationProperties.getAuthorizationGrantType()); this.redirectUri(clientRegistrationProperties.getRedirectUri()); if (!CollectionUtils.isEmpty(clientRegistrationProperties.getScope())) { - this.scope(clientRegistrationProperties.getScope().toArray(new String[0])); + this.scopes(clientRegistrationProperties.getScope().toArray(new String[0])); } this.authorizationUri(clientRegistrationProperties.getAuthorizationUri()); this.tokenUri(clientRegistrationProperties.getTokenUri()); @@ -229,8 +229,8 @@ public class ClientRegistration { this.clientAuthenticationMethod(clientRegistration.getClientAuthenticationMethod()); this.authorizationGrantType(clientRegistration.getAuthorizationGrantType()); this.redirectUri(clientRegistration.getRedirectUri()); - if (!CollectionUtils.isEmpty(clientRegistration.getScope())) { - this.scope(clientRegistration.getScope().toArray(new String[0])); + if (!CollectionUtils.isEmpty(clientRegistration.getScopes())) { + this.scopes(clientRegistration.getScopes().toArray(new String[0])); } this.authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri()); this.tokenUri(clientRegistration.getProviderDetails().getTokenUri()); 
@@ -265,10 +265,10 @@ public class ClientRegistration { return this; } - public Builder scope(String... scope) { - if (scope != null && scope.length > 0) { - this.scope = Collections.unmodifiableSet( - new LinkedHashSet<>(Arrays.asList(scope))); + public Builder scopes(String... scopes) { + if (scopes != null && scopes.length > 0) { + this.scopes = Collections.unmodifiableSet( + new LinkedHashSet<>(Arrays.asList(scopes))); } return this; } @@ -322,7 +322,7 @@ public class ClientRegistration { clientRegistration.setClientAuthenticationMethod(this.clientAuthenticationMethod); clientRegistration.setAuthorizationGrantType(this.authorizationGrantType); clientRegistration.setRedirectUri(this.redirectUri); - clientRegistration.setScope(this.scope); + clientRegistration.setScopes(this.scopes); ProviderDetails providerDetails = clientRegistration.new ProviderDetails(); providerDetails.setAuthorizationUri(this.authorizationUri); @@ -345,10 +345,10 @@ public class ClientRegistration { Assert.hasText(this.clientSecret, "clientSecret cannot be empty"); Assert.notNull(this.clientAuthenticationMethod, "clientAuthenticationMethod cannot be null"); Assert.hasText(this.redirectUri, "redirectUri cannot be empty"); - Assert.notEmpty(this.scope, "scope cannot be empty"); + Assert.notEmpty(this.scopes, "scopes cannot be empty"); Assert.hasText(this.authorizationUri, "authorizationUri cannot be empty"); Assert.hasText(this.tokenUri, "tokenUri cannot be empty"); - if (this.scope.contains(OidcScope.OPENID)) { + if (this.scopes.contains(OidcScope.OPENID)) { // OIDC Clients need to verify/validate the ID Token Assert.hasText(this.jwkSetUri, "jwkSetUri cannot be empty"); } 
@@ -361,7 +361,7 @@ public class ClientRegistration { Assert.hasText(this.registrationId, "registrationId cannot be empty"); Assert.hasText(this.clientId, "clientId cannot be empty"); Assert.hasText(this.redirectUri, "redirectUri cannot be empty"); - Assert.notEmpty(this.scope, "scope cannot be empty"); + Assert.notEmpty(this.scopes, "scopes cannot be empty"); Assert.hasText(this.authorizationUri, "authorizationUri cannot be empty"); Assert.hasText(this.clientName, "clientName cannot be empty"); } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/token/InMemoryAccessTokenRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/token/InMemoryAccessTokenRepository.java index 7f33bedb20..669be0e708 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/token/InMemoryAccessTokenRepository.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/token/InMemoryAccessTokenRepository.java @@ -21,7 +21,6 @@ import org.springframework.security.oauth2.core.AccessToken; import org.springframework.util.Assert; import java.util.Base64; -import java.util.HashMap; import java.util.Map; import java.util.concurrent.ConcurrentHashMap; @@ -76,7 +75,7 @@ public final class InMemoryAccessTokenRepository implements SecurityTokenReposit builder.append("[").append(clientRegistration.getClientId()).append("]"); // Access Token Response attributes - builder.append("[").append(clientRegistration.getScope().toString()).append("]"); + builder.append("[").append(clientRegistration.getScopes().toString()).append("]"); return Base64.getEncoder().encodeToString(builder.toString().getBytes()); } 
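Review bot: In `InMemoryAccessTokenRepository` (hunk `@@ -76,7 +75,7`), the repository key is encoded with `builder.toString().getBytes()`, which uses the platform default charset, so a client id or scope value containing non-ASCII characters can produce different keys on differently configured JVMs. `builder.toString().getBytes(StandardCharsets.UTF_8)` pins it, although the `java.nio.charset.StandardCharsets` import it needs is not visible in this hunk. The key also embeds `clientRegistration.getScopes().toString()`, which depends on the set's iteration order. That order is stable for the `LinkedHashSet` that `Builder.scopes(...)` creates, but it deserves a comment because `setScopes` accepts any `Set`. The key-building method begins outside the hunk, so any other key components are not visible here.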
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRedirectFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRedirectFilter.java index ed24e0207b..8dc4003eed 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRedirectFilter.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRedirectFilter.java @@ -146,7 +146,7 @@ public class AuthorizationRequestRedirectFilter extends OncePerRequestFilter { .clientId(clientRegistration.getClientId()) .authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri()) .redirectUri(redirectUriStr) - .scope(clientRegistration.getScope()) + .scopes(clientRegistration.getScopes()) .state(this.stateGenerator.generateKey()) .additionalParameters(additionalParameters) .build(); diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultAuthorizationRequestUriBuilder.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultAuthorizationRequestUriBuilder.java index 03d8abc52d..99d3409793 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultAuthorizationRequestUriBuilder.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultAuthorizationRequestUriBuilder.java 
@@ -37,7 +37,7 @@ public class DefaultAuthorizationRequestUriBuilder implements AuthorizationReque @Override public URI build(AuthorizationRequest authorizationRequest) { - Set scopes = authorizationRequest.getScope(); + Set scopes = authorizationRequest.getScopes(); UriComponentsBuilder uriBuilder = UriComponentsBuilder .fromUriString(authorizationRequest.getAuthorizationUri()) .queryParam(OAuth2Parameter.RESPONSE_TYPE, authorizationRequest.getResponseType().getValue()) diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/oidc/client/authentication/OidcAuthorizationCodeAuthenticationProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/oidc/client/authentication/OidcAuthorizationCodeAuthenticationProvider.java index 8d8957c1a9..04ebf43b6d 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/oidc/client/authentication/OidcAuthorizationCodeAuthenticationProvider.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/oidc/client/authentication/OidcAuthorizationCodeAuthenticationProvider.java @@ -79,7 +79,7 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati // Section 3.1.2.1 Authentication Request - http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest // scope // REQUIRED. OpenID Connect requests MUST contain the "openid" scope value. - if (!authorizationCodeAuthentication.getAuthorizationRequest().getScope().contains(OidcScope.OPENID)) { + if (!authorizationCodeAuthentication.getAuthorizationRequest().getScopes().contains(OidcScope.OPENID)) { // This is NOT an OpenID Connect Authentication Request so return null // and let AuthorizationCodeAuthenticationProvider handle it instead return null; 
@@ -108,7 +108,7 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati AccessToken accessToken = new AccessToken(tokenResponse.getTokenType(), tokenResponse.getTokenValue(), tokenResponse.getIssuedAt(), - tokenResponse.getExpiresAt(), tokenResponse.getScope()); + tokenResponse.getExpiresAt(), tokenResponse.getScopes()); ClientRegistration clientRegistration = authorizationCodeAuthentication.getClientRegistration(); diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/oidc/client/authentication/userinfo/OidcUserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/oidc/client/authentication/userinfo/OidcUserService.java index 6a0b63c517..90b87d5548 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/oidc/client/authentication/userinfo/OidcUserService.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/oidc/client/authentication/userinfo/OidcUserService.java @@ -96,7 +96,7 @@ public class OidcUserService implements OAuth2UserService { oidcClientAuthentication.getClientRegistration().getAuthorizationGrantType())) { // Return true if there is at least one match between the authorized scope(s) and UserInfo scope(s) - return oidcClientAuthentication.getAuthorizedScope().stream().anyMatch(userInfoScopes::contains); + return oidcClientAuthentication.getAuthorizedScopes().stream().anyMatch(userInfoScopes::contains); } return false; diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/AuthorizationCodeAuthenticationFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/AuthorizationCodeAuthenticationFilterTests.java index fd179e8bac..95cf70fd40 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/AuthorizationCodeAuthenticationFilterTests.java 
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/AuthorizationCodeAuthenticationFilterTests.java @@ -201,7 +201,7 @@ public class AuthorizationCodeAuthenticationFilterTests { .clientId(clientRegistration.getClientId()) .authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri()) .redirectUri(clientRegistration.getRedirectUri()) - .scope(clientRegistration.getScope()) + .scopes(clientRegistration.getScopes()) .state(state) .additionalParameters(additionalParameters) .build(); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRedirectFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRedirectFilterTests.java index a7ae22c23c..344f34ccf2 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRedirectFilterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRedirectFilterTests.java @@ -109,7 +109,7 @@ public class AuthorizationRequestRedirectFilterTests { Assertions.assertThat(authorizationRequest.getResponseType()).isNotNull(); Assertions.assertThat(authorizationRequest.getClientId()).isNotNull(); Assertions.assertThat(authorizationRequest.getRedirectUri()).isNotNull(); - Assertions.assertThat(authorizationRequest.getScope()).isNotNull(); + Assertions.assertThat(authorizationRequest.getScopes()).isNotNull(); Assertions.assertThat(authorizationRequest.getState()).isNotNull(); } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultAuthorizationRequestUriBuilderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultAuthorizationRequestUriBuilderTests.java index 1b4501624a..563bf354a0 100644 
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultAuthorizationRequestUriBuilderTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultAuthorizationRequestUriBuilderTests.java @@ -41,7 +41,7 @@ public class DefaultAuthorizationRequestUriBuilderTests { .clientId("client-id") .state("thestate") .redirectUri("https://client.example.com/login/oauth2") - .scope(new HashSet<>(Arrays.asList("openid", "user"))) + .scopes(new HashSet<>(Arrays.asList("openid", "user"))) .build(); URI result = this.builder.build(request); diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AccessToken.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AccessToken.java index 78a23bfe7b..1749c9b3ff 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AccessToken.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AccessToken.java 
@@ -36,26 +36,26 @@ import java.util.Set; */ public class AccessToken extends SecurityToken { private final TokenType tokenType; - private final Set scope; + private final Set scopes; public AccessToken(TokenType tokenType, String tokenValue, Instant issuedAt, Instant expiresAt) { this(tokenType, tokenValue, issuedAt, expiresAt, Collections.emptySet()); } - public AccessToken(TokenType tokenType, String tokenValue, Instant issuedAt, Instant expiresAt, Set scope) { + public AccessToken(TokenType tokenType, String tokenValue, Instant issuedAt, Instant expiresAt, Set scopes) { super(tokenValue, issuedAt, expiresAt); Assert.notNull(tokenType, "tokenType cannot be null"); this.tokenType = tokenType; - this.scope = Collections.unmodifiableSet( - scope != null ? scope : Collections.emptySet()); + this.scopes = Collections.unmodifiableSet( + scopes != null ? scopes : Collections.emptySet()); } public TokenType getTokenType() { return this.tokenType; } - public Set getScope() { - return this.scope; + public Set getScopes() { + return this.scopes; } public static final class TokenType { diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/AuthorizationRequest.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/AuthorizationRequest.java index 2a4fdce26f..9d6c1c18ec 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/AuthorizationRequest.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/AuthorizationRequest.java @@ -45,7 +45,7 @@ public final class AuthorizationRequest implements Serializable { private ResponseType responseType; private String clientId; private String redirectUri; - private Set scope; + private Set scopes; private String state; private Map additionalParameters; 
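Review bot: The `AccessToken` constructor wraps the caller's `scopes` set in `Collections.unmodifiableSet(...)` without copying it, so the token's scopes remain an alias of whatever set the caller passed and change if that set is later mutated. `TokenResponse.Builder.build()` (hunk `@@ -103,7 +103,7`) hands `this.scopes` straight to this constructor and inherits the same behaviour, whereas `AuthorizationRequest.Builder.build()` copies into a `LinkedHashSet` first. Since these scopes feed `getAuthorizedScopes()`, I would take a defensive copy here: `this.scopes = Collections.unmodifiableSet(scopes != null ? new LinkedHashSet<>(scopes) : Collections.emptySet());`. That needs a `java.util.LinkedHashSet` import, which this hunk does not show.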
@@ -72,8 +72,8 @@ public final class AuthorizationRequest implements Serializable { return this.redirectUri; } - public Set getScope() { - return this.scope; + public Set getScopes() { + return this.scopes; } public String getState() { @@ -98,7 +98,7 @@ public final class AuthorizationRequest implements Serializable { private ResponseType responseType; private String clientId; private String redirectUri; - private Set scope; + private Set scopes; private String state; private Map additionalParameters; @@ -127,8 +127,8 @@ public final class AuthorizationRequest implements Serializable { return this; } - public Builder scope(Set scope) { - this.scope = scope; + public Builder scopes(Set scopes) { + this.scopes = scopes; return this; } @@ -156,9 +156,9 @@ public final class AuthorizationRequest implements Serializable { authorizationRequest.clientId = this.clientId; authorizationRequest.redirectUri = this.redirectUri; authorizationRequest.state = this.state; - authorizationRequest.scope = Collections.unmodifiableSet( - CollectionUtils.isEmpty(this.scope) ? - Collections.emptySet() : new LinkedHashSet<>(this.scope)); + authorizationRequest.scopes = Collections.unmodifiableSet( + CollectionUtils.isEmpty(this.scopes) ? + Collections.emptySet() : new LinkedHashSet<>(this.scopes)); authorizationRequest.additionalParameters = Collections.unmodifiableMap( CollectionUtils.isEmpty(this.additionalParameters) ? Collections.emptyMap() : new LinkedHashMap<>(this.additionalParameters)); diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/TokenResponse.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/TokenResponse.java index 985425423f..f33aa66ac8 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/TokenResponse.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/TokenResponse.java 
@@ -55,8 +55,8 @@ public final class TokenResponse { return this.accessToken.getExpiresAt(); } - public Set getScope() { - return this.accessToken.getScope(); + public Set getScopes() { + return this.accessToken.getScopes(); } public Map getAdditionalParameters() { @@ -71,7 +71,7 @@ public final class TokenResponse { private String tokenValue; private AccessToken.TokenType tokenType; private long expiresIn; - private Set scope; + private Set scopes; private Map additionalParameters; private Builder(String tokenValue) { @@ -88,8 +88,8 @@ public final class TokenResponse { return this; } - public Builder scope(Set scope) { - this.scope = scope; + public Builder scopes(Set scopes) { + this.scopes = scopes; return this; } @@ -103,7 +103,7 @@ public final class TokenResponse { Instant issuedAt = Instant.now(); TokenResponse tokenResponse = new TokenResponse(); tokenResponse.accessToken = new AccessToken(this.tokenType, this.tokenValue, issuedAt, - issuedAt.plusSeconds(this.expiresIn), this.scope); + issuedAt.plusSeconds(this.expiresIn), this.scopes); tokenResponse.additionalParameters = Collections.unmodifiableMap( CollectionUtils.isEmpty(this.additionalParameters) ? Collections.emptyMap() : this.additionalParameters); return tokenResponse; diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/AuthorizationRequestTest.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/AuthorizationRequestTest.java index 7a56563e0c..ffca67d9c2 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/AuthorizationRequestTest.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/AuthorizationRequestTest.java @@ -41,7 +41,7 @@ public class AuthorizationRequestTest { .authorizationUri(null) .clientId(CLIENT_ID) .redirectUri(REDIRECT_URI) - .scope(SCOPE) + .scopes(SCOPE) .state(STATE) .build(); } 
@@ -51,7 +51,7 @@ public class AuthorizationRequestTest { AuthorizationRequest.authorizationCode() .clientId(CLIENT_ID) .redirectUri(REDIRECT_URI) - .scope(SCOPE) + .scopes(SCOPE) .state(STATE) .build(); } @@ -62,7 +62,7 @@ public class AuthorizationRequestTest { .authorizationUri(AUTHORIZE_URI) .clientId(null) .redirectUri(REDIRECT_URI) - .scope(SCOPE) + .scopes(SCOPE) .state(STATE) .build(); } @@ -72,7 +72,7 @@ public class AuthorizationRequestTest { AuthorizationRequest.authorizationCode() .authorizationUri(AUTHORIZE_URI) .redirectUri(REDIRECT_URI) - .scope(SCOPE) + .scopes(SCOPE) .state(STATE) .build(); } @@ -84,7 +84,7 @@ public class AuthorizationRequestTest { .authorizationUri(AUTHORIZE_URI) .clientId(CLIENT_ID) .redirectUri(REDIRECT_URI) - .scope(SCOPE) + .scopes(SCOPE) .state(STATE) .build(); @@ -97,7 +97,7 @@ public class AuthorizationRequestTest { .authorizationUri(AUTHORIZE_URI) .clientId(CLIENT_ID) .redirectUri(null) - .scope(SCOPE) + .scopes(SCOPE) .state(STATE) .build()).doesNotThrowAnyException(); } @@ -107,7 +107,7 @@ public class AuthorizationRequestTest { assertThatCode(() -> AuthorizationRequest.authorizationCode() .authorizationUri(AUTHORIZE_URI) .clientId(CLIENT_ID) - .scope(SCOPE) + .scopes(SCOPE) .state(STATE) .build()).doesNotThrowAnyException(); } @@ -118,7 +118,7 @@ public class AuthorizationRequestTest { .authorizationUri(AUTHORIZE_URI) .clientId(CLIENT_ID) .redirectUri(REDIRECT_URI) - .scope(null) + .scopes(null) .state(STATE) .build()).doesNotThrowAnyException(); } @@ -139,7 +139,7 @@ public class AuthorizationRequestTest { .authorizationUri(AUTHORIZE_URI) .clientId(CLIENT_ID) .redirectUri(REDIRECT_URI) - .scope(SCOPE) + .scopes(SCOPE) .state(null) .build()).doesNotThrowAnyException(); } @@ -150,7 +150,7 @@ public class AuthorizationRequestTest { .authorizationUri(AUTHORIZE_URI) .clientId(CLIENT_ID) .redirectUri(REDIRECT_URI) - .scope(SCOPE) + .scopes(SCOPE) .build()).doesNotThrowAnyException(); } } 
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TokenResponseTest.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TokenResponseTest.java index 6c1d8fd5d8..ccc421d57b 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TokenResponseTest.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TokenResponseTest.java @@ -36,7 +36,7 @@ public class TokenResponseTest { TokenResponse.withToken(null) .expiresIn(EXPIRES_IN) .additionalParameters(Collections.emptyMap()) - .scope(Collections.emptySet()) + .scopes(Collections.emptySet()) .tokenType(AccessToken.TokenType.BEARER) .build(); } @@ -46,7 +46,7 @@ public class TokenResponseTest { TokenResponse.withToken(TOKEN) .expiresIn(INVALID_EXPIRES_IN) .additionalParameters(Collections.emptyMap()) - .scope(Collections.emptySet()) + .scopes(Collections.emptySet()) .tokenType(AccessToken.TokenType.BEARER) .build(); } diff --git a/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java b/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java index 73ca39e275..265d579220 100644 --- a/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java +++ b/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java @@ -56,7 +56,6 @@ import org.springframework.web.util.UriComponentsBuilder; import java.net.URI; import java.net.URL; import java.net.URLDecoder; -import java.util.Collections; import java.util.HashMap; import java.util.HashSet; import java.util.List; 
@@ -142,7 +141,7 @@ public class OAuth2LoginApplicationTests { String redirectUri = AUTHORIZE_BASE_URL + "/" + this.githubClientRegistration.getRegistrationId(); assertThat(URLDecoder.decode(params.get(OAuth2Parameter.REDIRECT_URI), "UTF-8")).isEqualTo(redirectUri); assertThat(URLDecoder.decode(params.get(OAuth2Parameter.SCOPE), "UTF-8")) - .isEqualTo(this.githubClientRegistration.getScope().stream().collect(Collectors.joining(" "))); + .isEqualTo(this.githubClientRegistration.getScopes().stream().collect(Collectors.joining(" "))); assertThat(params.get(OAuth2Parameter.STATE)).isNotNull(); }