parent
b81c1ce2c0
commit
1e891b38ab
|
@ -37,7 +37,7 @@ public enum CommonOAuth2Provider {
|
|||
public Builder getBuilder(String registrationId) {
|
||||
ClientRegistration.Builder builder = getBuilder(registrationId,
|
||||
ClientAuthenticationMethod.BASIC, DEFAULT_REDIRECT_URL);
|
||||
builder.scope("openid", "profile", "email", "address", "phone");
|
||||
builder.scopes("openid", "profile", "email", "address", "phone");
|
||||
builder.authorizationUri("https://accounts.google.com/o/oauth2/v2/auth");
|
||||
builder.tokenUri("https://www.googleapis.com/oauth2/v4/token");
|
||||
builder.jwkSetUri("https://www.googleapis.com/oauth2/v3/certs");
|
||||
|
@ -54,7 +54,7 @@ public enum CommonOAuth2Provider {
|
|||
public Builder getBuilder(String registrationId) {
|
||||
ClientRegistration.Builder builder = getBuilder(registrationId,
|
||||
ClientAuthenticationMethod.BASIC, DEFAULT_REDIRECT_URL);
|
||||
builder.scope("user");
|
||||
builder.scopes("user");
|
||||
builder.authorizationUri("https://github.com/login/oauth/authorize");
|
||||
builder.tokenUri("https://github.com/login/oauth/access_token");
|
||||
builder.userInfoUri("https://api.github.com/user");
|
||||
|
@ -70,7 +70,7 @@ public enum CommonOAuth2Provider {
|
|||
public Builder getBuilder(String registrationId) {
|
||||
ClientRegistration.Builder builder = getBuilder(registrationId,
|
||||
ClientAuthenticationMethod.POST, DEFAULT_REDIRECT_URL);
|
||||
builder.scope("public_profile", "email");
|
||||
builder.scopes("public_profile", "email");
|
||||
builder.authorizationUri("https://www.facebook.com/v2.8/dialog/oauth");
|
||||
builder.tokenUri("https://graph.facebook.com/v2.8/oauth/access_token");
|
||||
builder.userInfoUri("https://graph.facebook.com/me");
|
||||
|
@ -86,7 +86,7 @@ public enum CommonOAuth2Provider {
|
|||
public Builder getBuilder(String registrationId) {
|
||||
ClientRegistration.Builder builder = getBuilder(registrationId,
|
||||
ClientAuthenticationMethod.BASIC, DEFAULT_REDIRECT_URL);
|
||||
builder.scope("openid", "profile", "email", "address", "phone");
|
||||
builder.scopes("openid", "profile", "email", "address", "phone");
|
||||
builder.userNameAttributeName(IdTokenClaim.SUB);
|
||||
builder.clientName("Okta");
|
||||
return builder;
|
||||
|
|
|
@ -52,7 +52,7 @@ public class CommonOAuth2ProviderTests {
|
|||
assertThat(registration.getAuthorizationGrantType())
|
||||
.isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
|
||||
assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_REDIRECT_URL);
|
||||
assertThat(registration.getScope()).containsOnly("openid", "profile", "email",
|
||||
assertThat(registration.getScopes()).containsOnly("openid", "profile", "email",
|
||||
"address", "phone");
|
||||
assertThat(registration.getClientName()).isEqualTo("Google");
|
||||
assertThat(registration.getRegistrationId()).isEqualTo("123");
|
||||
|
@ -76,7 +76,7 @@ public class CommonOAuth2ProviderTests {
|
|||
assertThat(registration.getAuthorizationGrantType())
|
||||
.isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
|
||||
assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_REDIRECT_URL);
|
||||
assertThat(registration.getScope()).containsOnly("user");
|
||||
assertThat(registration.getScopes()).containsOnly("user");
|
||||
assertThat(registration.getClientName()).isEqualTo("GitHub");
|
||||
assertThat(registration.getRegistrationId()).isEqualTo("123");
|
||||
}
|
||||
|
@ -99,7 +99,7 @@ public class CommonOAuth2ProviderTests {
|
|||
assertThat(registration.getAuthorizationGrantType())
|
||||
.isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
|
||||
assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_REDIRECT_URL);
|
||||
assertThat(registration.getScope()).containsOnly("public_profile", "email");
|
||||
assertThat(registration.getScopes()).containsOnly("public_profile", "email");
|
||||
assertThat(registration.getClientName()).isEqualTo("Facebook");
|
||||
assertThat(registration.getRegistrationId()).isEqualTo("123");
|
||||
}
|
||||
|
@ -124,7 +124,7 @@ public class CommonOAuth2ProviderTests {
|
|||
assertThat(registration.getAuthorizationGrantType())
|
||||
.isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
|
||||
assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_REDIRECT_URL);
|
||||
assertThat(registration.getScope()).containsOnly("openid", "profile", "email",
|
||||
assertThat(registration.getScopes()).containsOnly("openid", "profile", "email",
|
||||
"address", "phone");
|
||||
assertThat(registration.getClientName()).isEqualTo("Okta");
|
||||
assertThat(registration.getRegistrationId()).isEqualTo("123");
|
||||
|
|
|
@ -65,7 +65,7 @@ public class AuthorizationCodeAuthenticationProvider implements AuthenticationPr
|
|||
// Section 3.1.2.1 Authentication Request - http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
|
||||
// scope
|
||||
// REQUIRED. OpenID Connect requests MUST contain the "openid" scope value.
|
||||
if (authorizationCodeAuthentication.getAuthorizationRequest().getScope().contains("openid")) {
|
||||
if (authorizationCodeAuthentication.getAuthorizationRequest().getScopes().contains("openid")) {
|
||||
// This is an OpenID Connect Authentication Request so return null
|
||||
// and let OidcAuthorizationCodeAuthenticationProvider handle it instead
|
||||
return null;
|
||||
|
@ -94,7 +94,7 @@ public class AuthorizationCodeAuthenticationProvider implements AuthenticationPr
|
|||
|
||||
AccessToken accessToken = new AccessToken(tokenResponse.getTokenType(),
|
||||
tokenResponse.getTokenValue(), tokenResponse.getIssuedAt(),
|
||||
tokenResponse.getExpiresAt(), tokenResponse.getScope());
|
||||
tokenResponse.getExpiresAt(), tokenResponse.getScopes());
|
||||
|
||||
OAuth2ClientAuthenticationToken clientAuthentication =
|
||||
new OAuth2ClientAuthenticationToken(authorizationCodeAuthentication.getClientRegistration(), accessToken);
|
||||
|
|
|
@ -122,16 +122,16 @@ public class NimbusAuthorizationCodeTokenExchanger implements AuthorizationGrant
|
|||
accessTokenType = AccessToken.TokenType.BEARER;
|
||||
}
|
||||
long expiresIn = accessTokenResponse.getTokens().getAccessToken().getLifetime();
|
||||
Set<String> scope = Collections.emptySet();
|
||||
Set<String> scopes = Collections.emptySet();
|
||||
if (!CollectionUtils.isEmpty(accessTokenResponse.getTokens().getAccessToken().getScope())) {
|
||||
scope = new LinkedHashSet<>(accessTokenResponse.getTokens().getAccessToken().getScope().toStringList());
|
||||
scopes = new LinkedHashSet<>(accessTokenResponse.getTokens().getAccessToken().getScope().toStringList());
|
||||
}
|
||||
Map<String, Object> additionalParameters = new LinkedHashMap<>(accessTokenResponse.getCustomParameters());
|
||||
|
||||
return TokenResponse.withToken(accessToken)
|
||||
.tokenType(accessTokenType)
|
||||
.expiresIn(expiresIn)
|
||||
.scope(scope)
|
||||
.scopes(scopes)
|
||||
.additionalParameters(additionalParameters)
|
||||
.build();
|
||||
}
|
||||
|
|
|
@ -74,13 +74,13 @@ public class OAuth2ClientAuthenticationToken extends AbstractAuthenticationToken
|
|||
return this.accessToken;
|
||||
}
|
||||
|
||||
public final Set<String> getAuthorizedScope() {
|
||||
public final Set<String> getAuthorizedScopes() {
|
||||
// As per spec, in section 5.1 Successful Access Token Response
|
||||
// https://tools.ietf.org/html/rfc6749#section-5.1
|
||||
// If AccessToken.scope is empty, then default to the scope
|
||||
// If AccessToken.scopes is empty, then default to the scopes
|
||||
// originally requested by the client in the Authorization Request
|
||||
return (CollectionUtils.isEmpty(this.getAccessToken().getScope()) ?
|
||||
this.getClientRegistration().getScope() :
|
||||
this.getAccessToken().getScope());
|
||||
return (CollectionUtils.isEmpty(this.getAccessToken().getScopes()) ?
|
||||
this.getClientRegistration().getScopes() :
|
||||
this.getAccessToken().getScopes());
|
||||
}
|
||||
}
|
||||
|
|
|
@ -64,7 +64,7 @@ public class OAuth2UserAuthenticationProvider implements AuthenticationProvider
|
|||
// Section 3.1.2.1 Authentication Request - http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
|
||||
// scope
|
||||
// REQUIRED. OpenID Connect requests MUST contain the "openid" scope value.
|
||||
if (clientAuthentication.getAuthorizedScope().contains("openid")) {
|
||||
if (clientAuthentication.getAuthorizedScopes().contains("openid")) {
|
||||
// This is an OpenID Connect Authentication Request so return null
|
||||
// and let OidcUserAuthenticationProvider handle it instead
|
||||
return null;
|
||||
|
|
|
@ -40,7 +40,7 @@ public class ClientRegistration {
|
|||
private ClientAuthenticationMethod clientAuthenticationMethod = ClientAuthenticationMethod.BASIC;
|
||||
private AuthorizationGrantType authorizationGrantType;
|
||||
private String redirectUri;
|
||||
private Set<String> scope = Collections.emptySet();
|
||||
private Set<String> scopes = Collections.emptySet();
|
||||
private ProviderDetails providerDetails = new ProviderDetails();
|
||||
private String clientName;
|
||||
|
||||
|
@ -95,12 +95,12 @@ public class ClientRegistration {
|
|||
this.redirectUri = redirectUri;
|
||||
}
|
||||
|
||||
public Set<String> getScope() {
|
||||
return this.scope;
|
||||
public Set<String> getScopes() {
|
||||
return this.scopes;
|
||||
}
|
||||
|
||||
protected void setScope(Set<String> scope) {
|
||||
this.scope = scope;
|
||||
protected void setScopes(Set<String> scopes) {
|
||||
this.scopes = scopes;
|
||||
}
|
||||
|
||||
public ProviderDetails getProviderDetails() {
|
||||
|
@ -192,7 +192,7 @@ public class ClientRegistration {
|
|||
private ClientAuthenticationMethod clientAuthenticationMethod = ClientAuthenticationMethod.BASIC;
|
||||
private AuthorizationGrantType authorizationGrantType;
|
||||
private String redirectUri;
|
||||
private Set<String> scope;
|
||||
private Set<String> scopes;
|
||||
private String authorizationUri;
|
||||
private String tokenUri;
|
||||
private String userInfoUri;
|
||||
|
@ -212,7 +212,7 @@ public class ClientRegistration {
|
|||
this.authorizationGrantType(clientRegistrationProperties.getAuthorizationGrantType());
|
||||
this.redirectUri(clientRegistrationProperties.getRedirectUri());
|
||||
if (!CollectionUtils.isEmpty(clientRegistrationProperties.getScope())) {
|
||||
this.scope(clientRegistrationProperties.getScope().toArray(new String[0]));
|
||||
this.scopes(clientRegistrationProperties.getScope().toArray(new String[0]));
|
||||
}
|
||||
this.authorizationUri(clientRegistrationProperties.getAuthorizationUri());
|
||||
this.tokenUri(clientRegistrationProperties.getTokenUri());
|
||||
|
@ -229,8 +229,8 @@ public class ClientRegistration {
|
|||
this.clientAuthenticationMethod(clientRegistration.getClientAuthenticationMethod());
|
||||
this.authorizationGrantType(clientRegistration.getAuthorizationGrantType());
|
||||
this.redirectUri(clientRegistration.getRedirectUri());
|
||||
if (!CollectionUtils.isEmpty(clientRegistration.getScope())) {
|
||||
this.scope(clientRegistration.getScope().toArray(new String[0]));
|
||||
if (!CollectionUtils.isEmpty(clientRegistration.getScopes())) {
|
||||
this.scopes(clientRegistration.getScopes().toArray(new String[0]));
|
||||
}
|
||||
this.authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri());
|
||||
this.tokenUri(clientRegistration.getProviderDetails().getTokenUri());
|
||||
|
@ -265,10 +265,10 @@ public class ClientRegistration {
|
|||
return this;
|
||||
}
|
||||
|
||||
public Builder scope(String... scope) {
|
||||
if (scope != null && scope.length > 0) {
|
||||
this.scope = Collections.unmodifiableSet(
|
||||
new LinkedHashSet<>(Arrays.asList(scope)));
|
||||
public Builder scopes(String... scopes) {
|
||||
if (scopes != null && scopes.length > 0) {
|
||||
this.scopes = Collections.unmodifiableSet(
|
||||
new LinkedHashSet<>(Arrays.asList(scopes)));
|
||||
}
|
||||
return this;
|
||||
}
|
||||
|
@ -322,7 +322,7 @@ public class ClientRegistration {
|
|||
clientRegistration.setClientAuthenticationMethod(this.clientAuthenticationMethod);
|
||||
clientRegistration.setAuthorizationGrantType(this.authorizationGrantType);
|
||||
clientRegistration.setRedirectUri(this.redirectUri);
|
||||
clientRegistration.setScope(this.scope);
|
||||
clientRegistration.setScopes(this.scopes);
|
||||
|
||||
ProviderDetails providerDetails = clientRegistration.new ProviderDetails();
|
||||
providerDetails.setAuthorizationUri(this.authorizationUri);
|
||||
|
@ -345,10 +345,10 @@ public class ClientRegistration {
|
|||
Assert.hasText(this.clientSecret, "clientSecret cannot be empty");
|
||||
Assert.notNull(this.clientAuthenticationMethod, "clientAuthenticationMethod cannot be null");
|
||||
Assert.hasText(this.redirectUri, "redirectUri cannot be empty");
|
||||
Assert.notEmpty(this.scope, "scope cannot be empty");
|
||||
Assert.notEmpty(this.scopes, "scopes cannot be empty");
|
||||
Assert.hasText(this.authorizationUri, "authorizationUri cannot be empty");
|
||||
Assert.hasText(this.tokenUri, "tokenUri cannot be empty");
|
||||
if (this.scope.contains(OidcScope.OPENID)) {
|
||||
if (this.scopes.contains(OidcScope.OPENID)) {
|
||||
// OIDC Clients need to verify/validate the ID Token
|
||||
Assert.hasText(this.jwkSetUri, "jwkSetUri cannot be empty");
|
||||
}
|
||||
|
@ -361,7 +361,7 @@ public class ClientRegistration {
|
|||
Assert.hasText(this.registrationId, "registrationId cannot be empty");
|
||||
Assert.hasText(this.clientId, "clientId cannot be empty");
|
||||
Assert.hasText(this.redirectUri, "redirectUri cannot be empty");
|
||||
Assert.notEmpty(this.scope, "scope cannot be empty");
|
||||
Assert.notEmpty(this.scopes, "scopes cannot be empty");
|
||||
Assert.hasText(this.authorizationUri, "authorizationUri cannot be empty");
|
||||
Assert.hasText(this.clientName, "clientName cannot be empty");
|
||||
}
|
||||
|
|
|
@ -21,7 +21,6 @@ import org.springframework.security.oauth2.core.AccessToken;
|
|||
import org.springframework.util.Assert;
|
||||
|
||||
import java.util.Base64;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
import java.util.concurrent.ConcurrentHashMap;
|
||||
|
||||
|
@ -76,7 +75,7 @@ public final class InMemoryAccessTokenRepository implements SecurityTokenReposit
|
|||
builder.append("[").append(clientRegistration.getClientId()).append("]");
|
||||
|
||||
// Access Token Response attributes
|
||||
builder.append("[").append(clientRegistration.getScope().toString()).append("]");
|
||||
builder.append("[").append(clientRegistration.getScopes().toString()).append("]");
|
||||
|
||||
return Base64.getEncoder().encodeToString(builder.toString().getBytes());
|
||||
}
|
||||
|
|
|
@ -146,7 +146,7 @@ public class AuthorizationRequestRedirectFilter extends OncePerRequestFilter {
|
|||
.clientId(clientRegistration.getClientId())
|
||||
.authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri())
|
||||
.redirectUri(redirectUriStr)
|
||||
.scope(clientRegistration.getScope())
|
||||
.scopes(clientRegistration.getScopes())
|
||||
.state(this.stateGenerator.generateKey())
|
||||
.additionalParameters(additionalParameters)
|
||||
.build();
|
||||
|
|
|
@ -37,7 +37,7 @@ public class DefaultAuthorizationRequestUriBuilder implements AuthorizationReque
|
|||
|
||||
@Override
|
||||
public URI build(AuthorizationRequest authorizationRequest) {
|
||||
Set<String> scopes = authorizationRequest.getScope();
|
||||
Set<String> scopes = authorizationRequest.getScopes();
|
||||
UriComponentsBuilder uriBuilder = UriComponentsBuilder
|
||||
.fromUriString(authorizationRequest.getAuthorizationUri())
|
||||
.queryParam(OAuth2Parameter.RESPONSE_TYPE, authorizationRequest.getResponseType().getValue())
|
||||
|
|
|
@ -79,7 +79,7 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati
|
|||
// Section 3.1.2.1 Authentication Request - http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
|
||||
// scope
|
||||
// REQUIRED. OpenID Connect requests MUST contain the "openid" scope value.
|
||||
if (!authorizationCodeAuthentication.getAuthorizationRequest().getScope().contains(OidcScope.OPENID)) {
|
||||
if (!authorizationCodeAuthentication.getAuthorizationRequest().getScopes().contains(OidcScope.OPENID)) {
|
||||
// This is NOT an OpenID Connect Authentication Request so return null
|
||||
// and let AuthorizationCodeAuthenticationProvider handle it instead
|
||||
return null;
|
||||
|
@ -108,7 +108,7 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati
|
|||
|
||||
AccessToken accessToken = new AccessToken(tokenResponse.getTokenType(),
|
||||
tokenResponse.getTokenValue(), tokenResponse.getIssuedAt(),
|
||||
tokenResponse.getExpiresAt(), tokenResponse.getScope());
|
||||
tokenResponse.getExpiresAt(), tokenResponse.getScopes());
|
||||
|
||||
ClientRegistration clientRegistration = authorizationCodeAuthentication.getClientRegistration();
|
||||
|
||||
|
|
|
@ -96,7 +96,7 @@ public class OidcUserService implements OAuth2UserService {
|
|||
oidcClientAuthentication.getClientRegistration().getAuthorizationGrantType())) {
|
||||
|
||||
// Return true if there is at least one match between the authorized scope(s) and UserInfo scope(s)
|
||||
return oidcClientAuthentication.getAuthorizedScope().stream().anyMatch(userInfoScopes::contains);
|
||||
return oidcClientAuthentication.getAuthorizedScopes().stream().anyMatch(userInfoScopes::contains);
|
||||
}
|
||||
|
||||
return false;
|
||||
|
|
|
@ -201,7 +201,7 @@ public class AuthorizationCodeAuthenticationFilterTests {
|
|||
.clientId(clientRegistration.getClientId())
|
||||
.authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri())
|
||||
.redirectUri(clientRegistration.getRedirectUri())
|
||||
.scope(clientRegistration.getScope())
|
||||
.scopes(clientRegistration.getScopes())
|
||||
.state(state)
|
||||
.additionalParameters(additionalParameters)
|
||||
.build();
|
||||
|
|
|
@ -109,7 +109,7 @@ public class AuthorizationRequestRedirectFilterTests {
|
|||
Assertions.assertThat(authorizationRequest.getResponseType()).isNotNull();
|
||||
Assertions.assertThat(authorizationRequest.getClientId()).isNotNull();
|
||||
Assertions.assertThat(authorizationRequest.getRedirectUri()).isNotNull();
|
||||
Assertions.assertThat(authorizationRequest.getScope()).isNotNull();
|
||||
Assertions.assertThat(authorizationRequest.getScopes()).isNotNull();
|
||||
Assertions.assertThat(authorizationRequest.getState()).isNotNull();
|
||||
}
|
||||
|
||||
|
|
|
@ -41,7 +41,7 @@ public class DefaultAuthorizationRequestUriBuilderTests {
|
|||
.clientId("client-id")
|
||||
.state("thestate")
|
||||
.redirectUri("https://client.example.com/login/oauth2")
|
||||
.scope(new HashSet<>(Arrays.asList("openid", "user")))
|
||||
.scopes(new HashSet<>(Arrays.asList("openid", "user")))
|
||||
.build();
|
||||
|
||||
URI result = this.builder.build(request);
|
||||
|
|
|
@ -36,26 +36,26 @@ import java.util.Set;
|
|||
*/
|
||||
public class AccessToken extends SecurityToken {
|
||||
private final TokenType tokenType;
|
||||
private final Set<String> scope;
|
||||
private final Set<String> scopes;
|
||||
|
||||
public AccessToken(TokenType tokenType, String tokenValue, Instant issuedAt, Instant expiresAt) {
|
||||
this(tokenType, tokenValue, issuedAt, expiresAt, Collections.emptySet());
|
||||
}
|
||||
|
||||
public AccessToken(TokenType tokenType, String tokenValue, Instant issuedAt, Instant expiresAt, Set<String> scope) {
|
||||
public AccessToken(TokenType tokenType, String tokenValue, Instant issuedAt, Instant expiresAt, Set<String> scopes) {
|
||||
super(tokenValue, issuedAt, expiresAt);
|
||||
Assert.notNull(tokenType, "tokenType cannot be null");
|
||||
this.tokenType = tokenType;
|
||||
this.scope = Collections.unmodifiableSet(
|
||||
scope != null ? scope : Collections.emptySet());
|
||||
this.scopes = Collections.unmodifiableSet(
|
||||
scopes != null ? scopes : Collections.emptySet());
|
||||
}
|
||||
|
||||
public TokenType getTokenType() {
|
||||
return this.tokenType;
|
||||
}
|
||||
|
||||
public Set<String> getScope() {
|
||||
return this.scope;
|
||||
public Set<String> getScopes() {
|
||||
return this.scopes;
|
||||
}
|
||||
|
||||
public static final class TokenType {
|
||||
|
|
|
@ -45,7 +45,7 @@ public final class AuthorizationRequest implements Serializable {
|
|||
private ResponseType responseType;
|
||||
private String clientId;
|
||||
private String redirectUri;
|
||||
private Set<String> scope;
|
||||
private Set<String> scopes;
|
||||
private String state;
|
||||
private Map<String,Object> additionalParameters;
|
||||
|
||||
|
@ -72,8 +72,8 @@ public final class AuthorizationRequest implements Serializable {
|
|||
return this.redirectUri;
|
||||
}
|
||||
|
||||
public Set<String> getScope() {
|
||||
return this.scope;
|
||||
public Set<String> getScopes() {
|
||||
return this.scopes;
|
||||
}
|
||||
|
||||
public String getState() {
|
||||
|
@ -98,7 +98,7 @@ public final class AuthorizationRequest implements Serializable {
|
|||
private ResponseType responseType;
|
||||
private String clientId;
|
||||
private String redirectUri;
|
||||
private Set<String> scope;
|
||||
private Set<String> scopes;
|
||||
private String state;
|
||||
private Map<String,Object> additionalParameters;
|
||||
|
||||
|
@ -127,8 +127,8 @@ public final class AuthorizationRequest implements Serializable {
|
|||
return this;
|
||||
}
|
||||
|
||||
public Builder scope(Set<String> scope) {
|
||||
this.scope = scope;
|
||||
public Builder scopes(Set<String> scopes) {
|
||||
this.scopes = scopes;
|
||||
return this;
|
||||
}
|
||||
|
||||
|
@ -156,9 +156,9 @@ public final class AuthorizationRequest implements Serializable {
|
|||
authorizationRequest.clientId = this.clientId;
|
||||
authorizationRequest.redirectUri = this.redirectUri;
|
||||
authorizationRequest.state = this.state;
|
||||
authorizationRequest.scope = Collections.unmodifiableSet(
|
||||
CollectionUtils.isEmpty(this.scope) ?
|
||||
Collections.emptySet() : new LinkedHashSet<>(this.scope));
|
||||
authorizationRequest.scopes = Collections.unmodifiableSet(
|
||||
CollectionUtils.isEmpty(this.scopes) ?
|
||||
Collections.emptySet() : new LinkedHashSet<>(this.scopes));
|
||||
authorizationRequest.additionalParameters = Collections.unmodifiableMap(
|
||||
CollectionUtils.isEmpty(this.additionalParameters) ?
|
||||
Collections.emptyMap() : new LinkedHashMap<>(this.additionalParameters));
|
||||
|
|
|
@ -55,8 +55,8 @@ public final class TokenResponse {
|
|||
return this.accessToken.getExpiresAt();
|
||||
}
|
||||
|
||||
public Set<String> getScope() {
|
||||
return this.accessToken.getScope();
|
||||
public Set<String> getScopes() {
|
||||
return this.accessToken.getScopes();
|
||||
}
|
||||
|
||||
public Map<String, Object> getAdditionalParameters() {
|
||||
|
@ -71,7 +71,7 @@ public final class TokenResponse {
|
|||
private String tokenValue;
|
||||
private AccessToken.TokenType tokenType;
|
||||
private long expiresIn;
|
||||
private Set<String> scope;
|
||||
private Set<String> scopes;
|
||||
private Map<String,Object> additionalParameters;
|
||||
|
||||
private Builder(String tokenValue) {
|
||||
|
@ -88,8 +88,8 @@ public final class TokenResponse {
|
|||
return this;
|
||||
}
|
||||
|
||||
public Builder scope(Set<String> scope) {
|
||||
this.scope = scope;
|
||||
public Builder scopes(Set<String> scopes) {
|
||||
this.scopes = scopes;
|
||||
return this;
|
||||
}
|
||||
|
||||
|
@ -103,7 +103,7 @@ public final class TokenResponse {
|
|||
Instant issuedAt = Instant.now();
|
||||
TokenResponse tokenResponse = new TokenResponse();
|
||||
tokenResponse.accessToken = new AccessToken(this.tokenType, this.tokenValue, issuedAt,
|
||||
issuedAt.plusSeconds(this.expiresIn), this.scope);
|
||||
issuedAt.plusSeconds(this.expiresIn), this.scopes);
|
||||
tokenResponse.additionalParameters = Collections.unmodifiableMap(
|
||||
CollectionUtils.isEmpty(this.additionalParameters) ? Collections.emptyMap() : this.additionalParameters);
|
||||
return tokenResponse;
|
||||
|
|
|
@ -41,7 +41,7 @@ public class AuthorizationRequestTest {
|
|||
.authorizationUri(null)
|
||||
.clientId(CLIENT_ID)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
.scope(SCOPE)
|
||||
.scopes(SCOPE)
|
||||
.state(STATE)
|
||||
.build();
|
||||
}
|
||||
|
@ -51,7 +51,7 @@ public class AuthorizationRequestTest {
|
|||
AuthorizationRequest.authorizationCode()
|
||||
.clientId(CLIENT_ID)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
.scope(SCOPE)
|
||||
.scopes(SCOPE)
|
||||
.state(STATE)
|
||||
.build();
|
||||
}
|
||||
|
@ -62,7 +62,7 @@ public class AuthorizationRequestTest {
|
|||
.authorizationUri(AUTHORIZE_URI)
|
||||
.clientId(null)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
.scope(SCOPE)
|
||||
.scopes(SCOPE)
|
||||
.state(STATE)
|
||||
.build();
|
||||
}
|
||||
|
@ -72,7 +72,7 @@ public class AuthorizationRequestTest {
|
|||
AuthorizationRequest.authorizationCode()
|
||||
.authorizationUri(AUTHORIZE_URI)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
.scope(SCOPE)
|
||||
.scopes(SCOPE)
|
||||
.state(STATE)
|
||||
.build();
|
||||
}
|
||||
|
@ -84,7 +84,7 @@ public class AuthorizationRequestTest {
|
|||
.authorizationUri(AUTHORIZE_URI)
|
||||
.clientId(CLIENT_ID)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
.scope(SCOPE)
|
||||
.scopes(SCOPE)
|
||||
.state(STATE)
|
||||
.build();
|
||||
|
||||
|
@ -97,7 +97,7 @@ public class AuthorizationRequestTest {
|
|||
.authorizationUri(AUTHORIZE_URI)
|
||||
.clientId(CLIENT_ID)
|
||||
.redirectUri(null)
|
||||
.scope(SCOPE)
|
||||
.scopes(SCOPE)
|
||||
.state(STATE)
|
||||
.build()).doesNotThrowAnyException();
|
||||
}
|
||||
|
@ -107,7 +107,7 @@ public class AuthorizationRequestTest {
|
|||
assertThatCode(() -> AuthorizationRequest.authorizationCode()
|
||||
.authorizationUri(AUTHORIZE_URI)
|
||||
.clientId(CLIENT_ID)
|
||||
.scope(SCOPE)
|
||||
.scopes(SCOPE)
|
||||
.state(STATE)
|
||||
.build()).doesNotThrowAnyException();
|
||||
}
|
||||
|
@ -118,7 +118,7 @@ public class AuthorizationRequestTest {
|
|||
.authorizationUri(AUTHORIZE_URI)
|
||||
.clientId(CLIENT_ID)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
.scope(null)
|
||||
.scopes(null)
|
||||
.state(STATE)
|
||||
.build()).doesNotThrowAnyException();
|
||||
}
|
||||
|
@ -139,7 +139,7 @@ public class AuthorizationRequestTest {
|
|||
.authorizationUri(AUTHORIZE_URI)
|
||||
.clientId(CLIENT_ID)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
.scope(SCOPE)
|
||||
.scopes(SCOPE)
|
||||
.state(null)
|
||||
.build()).doesNotThrowAnyException();
|
||||
}
|
||||
|
@ -150,7 +150,7 @@ public class AuthorizationRequestTest {
|
|||
.authorizationUri(AUTHORIZE_URI)
|
||||
.clientId(CLIENT_ID)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
.scope(SCOPE)
|
||||
.scopes(SCOPE)
|
||||
.build()).doesNotThrowAnyException();
|
||||
}
|
||||
}
|
||||
|
|
|
@ -36,7 +36,7 @@ public class TokenResponseTest {
|
|||
TokenResponse.withToken(null)
|
||||
.expiresIn(EXPIRES_IN)
|
||||
.additionalParameters(Collections.emptyMap())
|
||||
.scope(Collections.emptySet())
|
||||
.scopes(Collections.emptySet())
|
||||
.tokenType(AccessToken.TokenType.BEARER)
|
||||
.build();
|
||||
}
|
||||
|
@ -46,7 +46,7 @@ public class TokenResponseTest {
|
|||
TokenResponse.withToken(TOKEN)
|
||||
.expiresIn(INVALID_EXPIRES_IN)
|
||||
.additionalParameters(Collections.emptyMap())
|
||||
.scope(Collections.emptySet())
|
||||
.scopes(Collections.emptySet())
|
||||
.tokenType(AccessToken.TokenType.BEARER)
|
||||
.build();
|
||||
}
|
||||
|
|
|
@ -56,7 +56,6 @@ import org.springframework.web.util.UriComponentsBuilder;
|
|||
import java.net.URI;
|
||||
import java.net.URL;
|
||||
import java.net.URLDecoder;
|
||||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
|
@ -142,7 +141,7 @@ public class OAuth2LoginApplicationTests {
|
|||
String redirectUri = AUTHORIZE_BASE_URL + "/" + this.githubClientRegistration.getRegistrationId();
|
||||
assertThat(URLDecoder.decode(params.get(OAuth2Parameter.REDIRECT_URI), "UTF-8")).isEqualTo(redirectUri);
|
||||
assertThat(URLDecoder.decode(params.get(OAuth2Parameter.SCOPE), "UTF-8"))
|
||||
.isEqualTo(this.githubClientRegistration.getScope().stream().collect(Collectors.joining(" ")));
|
||||
.isEqualTo(this.githubClientRegistration.getScopes().stream().collect(Collectors.joining(" ")));
|
||||
assertThat(params.get(OAuth2Parameter.STATE)).isNotNull();
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue