Merge branch '5.5.x' into 5.6.x
commit
26a51ee198
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2021 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -214,7 +214,7 @@ public abstract class AbstractWebClientReactiveOAuth2AccessTokenResponseClient<T
|
||||||
* no scopes.
|
* no scopes.
|
||||||
*/
|
*/
|
||||||
Set<String> defaultScopes(T grantRequest) {
|
Set<String> defaultScopes(T grantRequest) {
|
||||||
return scopes(grantRequest);
|
return Collections.emptySet();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
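Review bot: `defaultScopes(T grantRequest)` now returns `Collections.emptySet()` without reading `grantRequest`, so the parameter is dead in this class, and after the override removal in WebClientReactiveAuthorizationCodeTokenResponseClient in the same commit it is unused in every subclass visible here, while the signature still suggests a request-dependent default. Extend the method's Javadoc, which begins above the hunk, with a sentence such as `Returns the scopes to use when the token response omits the {@code scope} parameter; by default none. {@code grantRequest} is kept so subclasses can derive a grant-specific default.` If no subclass is expected to override it any more, dropping the parameter in the next minor would be cleaner than keeping an unused one. The enclosing class and Javadoc both extend outside the hunk.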
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2018 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -30,7 +30,6 @@ import org.springframework.security.oauth2.core.OAuth2Error;
|
||||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
|
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
|
||||||
import org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter;
|
import org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter;
|
||||||
import org.springframework.util.Assert;
|
import org.springframework.util.Assert;
|
||||||
import org.springframework.util.CollectionUtils;
|
|
||||||
import org.springframework.web.client.ResponseErrorHandler;
|
import org.springframework.web.client.ResponseErrorHandler;
|
||||||
import org.springframework.web.client.RestClientException;
|
import org.springframework.web.client.RestClientException;
|
||||||
import org.springframework.web.client.RestOperations;
|
import org.springframework.web.client.RestOperations;
|
||||||
|
@ -76,19 +75,12 @@ public final class DefaultAuthorizationCodeTokenResponseClient
|
||||||
Assert.notNull(authorizationCodeGrantRequest, "authorizationCodeGrantRequest cannot be null");
|
Assert.notNull(authorizationCodeGrantRequest, "authorizationCodeGrantRequest cannot be null");
|
||||||
RequestEntity<?> request = this.requestEntityConverter.convert(authorizationCodeGrantRequest);
|
RequestEntity<?> request = this.requestEntityConverter.convert(authorizationCodeGrantRequest);
|
||||||
ResponseEntity<OAuth2AccessTokenResponse> response = getResponse(request);
|
ResponseEntity<OAuth2AccessTokenResponse> response = getResponse(request);
|
||||||
OAuth2AccessTokenResponse tokenResponse = response.getBody();
|
// As per spec, in Section 5.1 Successful Access Token Response
|
||||||
if (CollectionUtils.isEmpty(tokenResponse.getAccessToken().getScopes())) {
|
// https://tools.ietf.org/html/rfc6749#section-5.1
|
||||||
// As per spec, in Section 5.1 Successful Access Token Response
|
// If AccessTokenResponse.scope is empty, then we assume all requested scopes were
|
||||||
// https://tools.ietf.org/html/rfc6749#section-5.1
|
// granted.
|
||||||
// If AccessTokenResponse.scope is empty, then default to the scope
|
// However, we use the explicit scopes returned in the response (if any).
|
||||||
// originally requested by the client in the Token Request
|
return response.getBody();
|
||||||
// @formatter:off
|
|
||||||
tokenResponse = OAuth2AccessTokenResponse.withResponse(tokenResponse)
|
|
||||||
.scopes(authorizationCodeGrantRequest.getClientRegistration().getScopes())
|
|
||||||
.build();
|
|
||||||
// @formatter:on
|
|
||||||
}
|
|
||||||
return tokenResponse;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private ResponseEntity<OAuth2AccessTokenResponse> getResponse(RequestEntity<?> request) {
|
private ResponseEntity<OAuth2AccessTokenResponse> getResponse(RequestEntity<?> request) {
|
||||||
|
|
|
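Review bot: The new comment in `getTokenResponse` says "we assume all requested scopes were granted", but the line right after it returns `response.getBody()` untouched, so a token whose response omitted `scope` now carries an empty scope set — the opposite of what that sentence suggests and exactly what the removed `CollectionUtils.isEmpty` branch used to provide. The same wording is added in DefaultClientCredentialsTokenResponseClient, DefaultJwtBearerTokenResponseClient and DefaultPasswordTokenResponseClient. Replace the three comment lines with something like `// RFC 6749 §5.1 lets the server omit "scope" when it matches the request; we no longer copy the requested scopes onto the token, so getScopes() is empty unless the response listed them explicitly.` so that consumers that inspect `OAuth2AccessToken.getScopes()` are not misled by the comment into expecting the requested set. `getTokenResponse` starts outside the hunk.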
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2018 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -30,7 +30,6 @@ import org.springframework.security.oauth2.core.OAuth2Error;
|
||||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
|
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
|
||||||
import org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter;
|
import org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter;
|
||||||
import org.springframework.util.Assert;
|
import org.springframework.util.Assert;
|
||||||
import org.springframework.util.CollectionUtils;
|
|
||||||
import org.springframework.web.client.ResponseErrorHandler;
|
import org.springframework.web.client.ResponseErrorHandler;
|
||||||
import org.springframework.web.client.RestClientException;
|
import org.springframework.web.client.RestClientException;
|
||||||
import org.springframework.web.client.RestOperations;
|
import org.springframework.web.client.RestOperations;
|
||||||
|
@ -76,19 +75,12 @@ public final class DefaultClientCredentialsTokenResponseClient
|
||||||
Assert.notNull(clientCredentialsGrantRequest, "clientCredentialsGrantRequest cannot be null");
|
Assert.notNull(clientCredentialsGrantRequest, "clientCredentialsGrantRequest cannot be null");
|
||||||
RequestEntity<?> request = this.requestEntityConverter.convert(clientCredentialsGrantRequest);
|
RequestEntity<?> request = this.requestEntityConverter.convert(clientCredentialsGrantRequest);
|
||||||
ResponseEntity<OAuth2AccessTokenResponse> response = getResponse(request);
|
ResponseEntity<OAuth2AccessTokenResponse> response = getResponse(request);
|
||||||
OAuth2AccessTokenResponse tokenResponse = response.getBody();
|
// As per spec, in Section 5.1 Successful Access Token Response
|
||||||
if (CollectionUtils.isEmpty(tokenResponse.getAccessToken().getScopes())) {
|
// https://tools.ietf.org/html/rfc6749#section-5.1
|
||||||
// As per spec, in Section 5.1 Successful Access Token Response
|
// If AccessTokenResponse.scope is empty, then we assume all requested scopes were
|
||||||
// https://tools.ietf.org/html/rfc6749#section-5.1
|
// granted.
|
||||||
// If AccessTokenResponse.scope is empty, then default to the scope
|
// However, we use the explicit scopes returned in the response (if any).
|
||||||
// originally requested by the client in the Token Request
|
return response.getBody();
|
||||||
// @formatter:off
|
|
||||||
tokenResponse = OAuth2AccessTokenResponse.withResponse(tokenResponse)
|
|
||||||
.scopes(clientCredentialsGrantRequest.getClientRegistration().getScopes())
|
|
||||||
.build();
|
|
||||||
// @formatter:on
|
|
||||||
}
|
|
||||||
return tokenResponse;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private ResponseEntity<OAuth2AccessTokenResponse> getResponse(RequestEntity<?> request) {
|
private ResponseEntity<OAuth2AccessTokenResponse> getResponse(RequestEntity<?> request) {
|
||||||
|
|
|
@ -30,7 +30,6 @@ import org.springframework.security.oauth2.core.OAuth2Error;
|
||||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
|
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
|
||||||
import org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter;
|
import org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter;
|
||||||
import org.springframework.util.Assert;
|
import org.springframework.util.Assert;
|
||||||
import org.springframework.util.CollectionUtils;
|
|
||||||
import org.springframework.web.client.ResponseErrorHandler;
|
import org.springframework.web.client.ResponseErrorHandler;
|
||||||
import org.springframework.web.client.RestClientException;
|
import org.springframework.web.client.RestClientException;
|
||||||
import org.springframework.web.client.RestOperations;
|
import org.springframework.web.client.RestOperations;
|
||||||
|
@ -73,19 +72,12 @@ public final class DefaultJwtBearerTokenResponseClient
|
||||||
Assert.notNull(jwtBearerGrantRequest, "jwtBearerGrantRequest cannot be null");
|
Assert.notNull(jwtBearerGrantRequest, "jwtBearerGrantRequest cannot be null");
|
||||||
RequestEntity<?> request = this.requestEntityConverter.convert(jwtBearerGrantRequest);
|
RequestEntity<?> request = this.requestEntityConverter.convert(jwtBearerGrantRequest);
|
||||||
ResponseEntity<OAuth2AccessTokenResponse> response = getResponse(request);
|
ResponseEntity<OAuth2AccessTokenResponse> response = getResponse(request);
|
||||||
OAuth2AccessTokenResponse tokenResponse = response.getBody();
|
// As per spec, in Section 5.1 Successful Access Token Response
|
||||||
if (CollectionUtils.isEmpty(tokenResponse.getAccessToken().getScopes())) {
|
// https://tools.ietf.org/html/rfc6749#section-5.1
|
||||||
// As per spec, in Section 5.1 Successful Access Token Response
|
// If AccessTokenResponse.scope is empty, then we assume all requested scopes were
|
||||||
// https://tools.ietf.org/html/rfc6749#section-5.1
|
// granted.
|
||||||
// If AccessTokenResponse.scope is empty, then default to the scope
|
// However, we use the explicit scopes returned in the response (if any).
|
||||||
// originally requested by the client in the Token Request
|
return response.getBody();
|
||||||
// @formatter:off
|
|
||||||
tokenResponse = OAuth2AccessTokenResponse.withResponse(tokenResponse)
|
|
||||||
.scopes(jwtBearerGrantRequest.getClientRegistration().getScopes())
|
|
||||||
.build();
|
|
||||||
// @formatter:on
|
|
||||||
}
|
|
||||||
return tokenResponse;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private ResponseEntity<OAuth2AccessTokenResponse> getResponse(RequestEntity<?> request) {
|
private ResponseEntity<OAuth2AccessTokenResponse> getResponse(RequestEntity<?> request) {
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2019 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -30,7 +30,6 @@ import org.springframework.security.oauth2.core.OAuth2Error;
|
||||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
|
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
|
||||||
import org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter;
|
import org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter;
|
||||||
import org.springframework.util.Assert;
|
import org.springframework.util.Assert;
|
||||||
import org.springframework.util.CollectionUtils;
|
|
||||||
import org.springframework.web.client.ResponseErrorHandler;
|
import org.springframework.web.client.ResponseErrorHandler;
|
||||||
import org.springframework.web.client.RestClientException;
|
import org.springframework.web.client.RestClientException;
|
||||||
import org.springframework.web.client.RestOperations;
|
import org.springframework.web.client.RestOperations;
|
||||||
|
@ -75,16 +74,12 @@ public final class DefaultPasswordTokenResponseClient
|
||||||
Assert.notNull(passwordGrantRequest, "passwordGrantRequest cannot be null");
|
Assert.notNull(passwordGrantRequest, "passwordGrantRequest cannot be null");
|
||||||
RequestEntity<?> request = this.requestEntityConverter.convert(passwordGrantRequest);
|
RequestEntity<?> request = this.requestEntityConverter.convert(passwordGrantRequest);
|
||||||
ResponseEntity<OAuth2AccessTokenResponse> response = getResponse(request);
|
ResponseEntity<OAuth2AccessTokenResponse> response = getResponse(request);
|
||||||
OAuth2AccessTokenResponse tokenResponse = response.getBody();
|
// As per spec, in Section 5.1 Successful Access Token Response
|
||||||
if (CollectionUtils.isEmpty(tokenResponse.getAccessToken().getScopes())) {
|
// https://tools.ietf.org/html/rfc6749#section-5.1
|
||||||
// As per spec, in Section 5.1 Successful Access Token Response
|
// If AccessTokenResponse.scope is empty, then we assume all requested scopes were
|
||||||
// https://tools.ietf.org/html/rfc6749#section-5.1
|
// granted.
|
||||||
// If AccessTokenResponse.scope is empty, then default to the scope
|
// However, we use the explicit scopes returned in the response (if any).
|
||||||
// originally requested by the client in the Token Request
|
return response.getBody();
|
||||||
tokenResponse = OAuth2AccessTokenResponse.withResponse(tokenResponse)
|
|
||||||
.scopes(passwordGrantRequest.getClientRegistration().getScopes()).build();
|
|
||||||
}
|
|
||||||
return tokenResponse;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private ResponseEntity<OAuth2AccessTokenResponse> getResponse(RequestEntity<?> request) {
|
private ResponseEntity<OAuth2AccessTokenResponse> getResponse(RequestEntity<?> request) {
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2020 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -65,11 +65,6 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClient
|
||||||
return Collections.emptySet();
|
return Collections.emptySet();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
|
||||||
Set<String> defaultScopes(OAuth2AuthorizationCodeGrantRequest grantRequest) {
|
|
||||||
return grantRequest.getAuthorizationExchange().getAuthorizationRequest().getScopes();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
BodyInserters.FormInserter<String> populateTokenRequestBody(OAuth2AuthorizationCodeGrantRequest grantRequest,
|
BodyInserters.FormInserter<String> populateTokenRequestBody(OAuth2AuthorizationCodeGrantRequest grantRequest,
|
||||||
BodyInserters.FormInserter<String> body) {
|
BodyInserters.FormInserter<String> body) {
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2020 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2020 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2021 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -295,7 +295,7 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void getTokenResponseWhenSuccessResponseDoesNotIncludeScopeThenAccessTokenHasDefaultScope() {
|
public void getTokenResponseWhenSuccessResponseDoesNotIncludeScopeThenAccessTokenHasNoScope() {
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
String accessTokenSuccessResponse = "{\n"
|
String accessTokenSuccessResponse = "{\n"
|
||||||
+ " \"access_token\": \"access-token-1234\",\n"
|
+ " \"access_token\": \"access-token-1234\",\n"
|
||||||
|
@ -307,7 +307,7 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
|
||||||
this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
|
this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
|
||||||
OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
|
OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
|
||||||
.getTokenResponse(authorizationCodeGrantRequest(this.clientRegistration.build()));
|
.getTokenResponse(authorizationCodeGrantRequest(this.clientRegistration.build()));
|
||||||
assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read", "write");
|
assertThat(accessTokenResponse.getAccessToken().getScopes()).isEmpty();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2021 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -304,7 +304,7 @@ public class DefaultClientCredentialsTokenResponseClientTests {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void getTokenResponseWhenSuccessResponseDoesNotIncludeScopeThenAccessTokenHasDefaultScope() {
|
public void getTokenResponseWhenSuccessResponseDoesNotIncludeScopeThenAccessTokenHasNoScope() {
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
String accessTokenSuccessResponse = "{\n"
|
String accessTokenSuccessResponse = "{\n"
|
||||||
+ " \"access_token\": \"access-token-1234\",\n"
|
+ " \"access_token\": \"access-token-1234\",\n"
|
||||||
|
@ -317,7 +317,7 @@ public class DefaultClientCredentialsTokenResponseClientTests {
|
||||||
this.clientRegistration.build());
|
this.clientRegistration.build());
|
||||||
OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
|
OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
|
||||||
.getTokenResponse(clientCredentialsGrantRequest);
|
.getTokenResponse(clientCredentialsGrantRequest);
|
||||||
assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read", "write");
|
assertThat(accessTokenResponse.getAccessToken().getScopes()).isEmpty();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|
|
@ -102,7 +102,8 @@ public class DefaultJwtBearerTokenResponseClientTests {
|
||||||
String accessTokenSuccessResponse = "{\n"
|
String accessTokenSuccessResponse = "{\n"
|
||||||
+ " \"access_token\": \"access-token-1234\",\n"
|
+ " \"access_token\": \"access-token-1234\",\n"
|
||||||
+ " \"token_type\": \"bearer\",\n"
|
+ " \"token_type\": \"bearer\",\n"
|
||||||
+ " \"expires_in\": \"3600\"\n"
|
+ " \"expires_in\": \"3600\",\n"
|
||||||
|
+ " \"scope\": \"read write\"\n"
|
||||||
+ "}\n";
|
+ "}\n";
|
||||||
// @formatter:on
|
// @formatter:on
|
||||||
this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
|
this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
|
||||||
|
@ -204,7 +205,7 @@ public class DefaultJwtBearerTokenResponseClientTests {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void getTokenResponseWhenSuccessResponseDoesNotIncludeScopeThenAccessTokenHasDefaultScope() {
|
public void getTokenResponseWhenSuccessResponseDoesNotIncludeScopeThenAccessTokenHasNoScope() {
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
String accessTokenSuccessResponse = "{\n"
|
String accessTokenSuccessResponse = "{\n"
|
||||||
+ " \"access_token\": \"access-token-1234\",\n"
|
+ " \"access_token\": \"access-token-1234\",\n"
|
||||||
|
@ -217,7 +218,7 @@ public class DefaultJwtBearerTokenResponseClientTests {
|
||||||
this.jwtAssertion);
|
this.jwtAssertion);
|
||||||
OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
|
OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
|
||||||
.getTokenResponse(jwtBearerGrantRequest);
|
.getTokenResponse(jwtBearerGrantRequest);
|
||||||
assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read", "write");
|
assertThat(accessTokenResponse.getAccessToken().getScopes()).isEmpty();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2021 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -102,7 +102,8 @@ public class DefaultPasswordTokenResponseClientTests {
|
||||||
String accessTokenSuccessResponse = "{\n"
|
String accessTokenSuccessResponse = "{\n"
|
||||||
+ " \"access_token\": \"access-token-1234\",\n"
|
+ " \"access_token\": \"access-token-1234\",\n"
|
||||||
+ " \"token_type\": \"bearer\",\n"
|
+ " \"token_type\": \"bearer\",\n"
|
||||||
+ " \"expires_in\": \"3600\"\n"
|
+ " \"expires_in\": \"3600\",\n"
|
||||||
|
+ " \"scope\": \"read write\"\n"
|
||||||
+ "}\n";
|
+ "}\n";
|
||||||
// @formatter:on
|
// @formatter:on
|
||||||
this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
|
this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
|
||||||
|
@ -136,7 +137,8 @@ public class DefaultPasswordTokenResponseClientTests {
|
||||||
String accessTokenSuccessResponse = "{\n"
|
String accessTokenSuccessResponse = "{\n"
|
||||||
+ " \"access_token\": \"access-token-1234\",\n"
|
+ " \"access_token\": \"access-token-1234\",\n"
|
||||||
+ " \"token_type\": \"bearer\",\n"
|
+ " \"token_type\": \"bearer\",\n"
|
||||||
+ " \"expires_in\": \"3600\"\n"
|
+ " \"expires_in\": \"3600\",\n"
|
||||||
|
+ " \"scope\": \"read\"\n"
|
||||||
+ "}\n";
|
+ "}\n";
|
||||||
// @formatter:on
|
// @formatter:on
|
||||||
this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
|
this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
|
||||||
|
@ -268,6 +270,22 @@ public class DefaultPasswordTokenResponseClientTests {
|
||||||
assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read");
|
assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void getTokenResponseWhenSuccessResponseDoesNotIncludeScopeThenAccessTokenHasNoScope() {
|
||||||
|
// @formatter:off
|
||||||
|
String accessTokenSuccessResponse = "{\n"
|
||||||
|
+ " \"access_token\": \"access-token-1234\",\n"
|
||||||
|
+ " \"token_type\": \"bearer\",\n"
|
||||||
|
+ " \"expires_in\": \"3600\"\n"
|
||||||
|
+ "}\n";
|
||||||
|
// @formatter:on
|
||||||
|
this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
|
||||||
|
OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(
|
||||||
|
this.clientRegistration.build(), this.username, this.password);
|
||||||
|
OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(passwordGrantRequest);
|
||||||
|
assertThat(accessTokenResponse.getAccessToken().getScopes()).isEmpty();
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() {
|
public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() {
|
||||||
String accessTokenErrorResponse = "{\n" + " \"error\": \"unauthorized_client\"\n" + "}\n";
|
String accessTokenErrorResponse = "{\n" + " \"error\": \"unauthorized_client\"\n" + "}\n";
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2021 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -104,7 +104,8 @@ public class DefaultRefreshTokenTokenResponseClientTests {
|
||||||
String accessTokenSuccessResponse = "{\n"
|
String accessTokenSuccessResponse = "{\n"
|
||||||
+ " \"access_token\": \"access-token-1234\",\n"
|
+ " \"access_token\": \"access-token-1234\",\n"
|
||||||
+ " \"token_type\": \"bearer\",\n"
|
+ " \"token_type\": \"bearer\",\n"
|
||||||
+ " \"expires_in\": \"3600\"\n"
|
+ " \"expires_in\": \"3600\",\n"
|
||||||
|
+ " \"scope\": \"read write\"\n"
|
||||||
+ "}\n";
|
+ "}\n";
|
||||||
// @formatter:on
|
// @formatter:on
|
||||||
this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
|
this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
|
||||||
|
@ -131,6 +132,26 @@ public class DefaultRefreshTokenTokenResponseClientTests {
|
||||||
assertThat(accessTokenResponse.getRefreshToken().getTokenValue()).isEqualTo(this.refreshToken.getTokenValue());
|
assertThat(accessTokenResponse.getRefreshToken().getTokenValue()).isEqualTo(this.refreshToken.getTokenValue());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void getTokenResponseWhenSuccessResponseDoesNotIncludeScopeThenAccessTokenHasOriginalScope() {
|
||||||
|
// @formatter:off
|
||||||
|
String accessTokenSuccessResponse = "{\n"
|
||||||
|
+ " \"access_token\": \"access-token-1234\",\n"
|
||||||
|
+ " \"token_type\": \"bearer\",\n"
|
||||||
|
+ " \"expires_in\": \"3600\"\n"
|
||||||
|
+ "}\n";
|
||||||
|
// @formatter:on
|
||||||
|
this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
|
||||||
|
ClientRegistration clientRegistration = this.clientRegistration
|
||||||
|
.clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_POST).build();
|
||||||
|
OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(clientRegistration,
|
||||||
|
this.accessToken, this.refreshToken);
|
||||||
|
OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
|
||||||
|
.getTokenResponse(refreshTokenGrantRequest);
|
||||||
|
assertThat(accessTokenResponse.getAccessToken().getScopes())
|
||||||
|
.containsExactly(this.accessToken.getScopes().toArray(new String[0]));
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void getTokenResponseWhenAuthenticationClientSecretPostThenFormParametersAreSent() throws Exception {
|
public void getTokenResponseWhenAuthenticationClientSecretPostThenFormParametersAreSent() throws Exception {
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
|
|
|
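Review bot: The new `getTokenResponseWhenSuccessResponseDoesNotIncludeScopeThenAccessTokenHasOriginalScope` asserts with `containsExactly(this.accessToken.getScopes().toArray(new String[0]))`, which ties the check to the iteration order of whatever `Set` `this.accessToken.getScopes()` returns and needs the array copy only to satisfy the varargs overload. `.containsExactlyInAnyOrderElementsOf(this.accessToken.getScopes())` states the intent — the refreshed token keeps the original token's scopes — directly and without an ordering dependency. The test class continues outside the hunk.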
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2021 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -323,7 +323,7 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void getTokenResponseWhenSuccessResponseDoesNotIncludeScopeThenReturnAccessTokenResponseUsingRequestedScope() {
|
public void getTokenResponseWhenSuccessResponseDoesNotIncludeScopeThenReturnAccessTokenResponseWithNoScopes() {
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
String accessTokenSuccessResponse = "{\n"
|
String accessTokenSuccessResponse = "{\n"
|
||||||
+ " \"access_token\": \"access-token-1234\",\n"
|
+ " \"access_token\": \"access-token-1234\",\n"
|
||||||
|
@ -335,8 +335,7 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
|
||||||
this.clientRegistration.scope("openid", "profile", "email", "address");
|
this.clientRegistration.scope("openid", "profile", "email", "address");
|
||||||
OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
|
OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
|
||||||
.getTokenResponse(authorizationCodeGrantRequest()).block();
|
.getTokenResponse(authorizationCodeGrantRequest()).block();
|
||||||
assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("openid", "profile", "email",
|
assertThat(accessTokenResponse.getAccessToken().getScopes()).isEmpty();
|
||||||
"address");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private OAuth2AuthorizationCodeGrantRequest authorizationCodeGrantRequest() {
|
private OAuth2AuthorizationCodeGrantRequest authorizationCodeGrantRequest() {
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2021 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -103,6 +103,7 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests {
|
||||||
RecordedRequest actualRequest = this.server.takeRequest();
|
RecordedRequest actualRequest = this.server.takeRequest();
|
||||||
String body = actualRequest.getUtf8Body();
|
String body = actualRequest.getUtf8Body();
|
||||||
assertThat(response.getAccessToken()).isNotNull();
|
assertThat(response.getAccessToken()).isNotNull();
|
||||||
|
assertThat(response.getAccessToken().getScopes()).containsExactly("create");
|
||||||
assertThat(actualRequest.getHeader(HttpHeaders.AUTHORIZATION))
|
assertThat(actualRequest.getHeader(HttpHeaders.AUTHORIZATION))
|
||||||
.isEqualTo("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ=");
|
.isEqualTo("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ=");
|
||||||
assertThat(body).isEqualTo("grant_type=client_credentials&scope=read%3Auser");
|
assertThat(body).isEqualTo("grant_type=client_credentials&scope=read%3Auser");
|
||||||
|
@ -128,6 +129,7 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests {
|
||||||
RecordedRequest actualRequest = this.server.takeRequest();
|
RecordedRequest actualRequest = this.server.takeRequest();
|
||||||
String body = actualRequest.getBody().readUtf8();
|
String body = actualRequest.getBody().readUtf8();
|
||||||
assertThat(response.getAccessToken()).isNotNull();
|
assertThat(response.getAccessToken()).isNotNull();
|
||||||
|
assertThat(response.getAccessToken().getScopes()).containsExactly("create");
|
||||||
String urlEncodedClientCredentialecret = URLEncoder.encode(clientCredentialWithAnsiKeyboardSpecialCharacters,
|
String urlEncodedClientCredentialecret = URLEncoder.encode(clientCredentialWithAnsiKeyboardSpecialCharacters,
|
||||||
StandardCharsets.UTF_8.toString());
|
StandardCharsets.UTF_8.toString());
|
||||||
String clientCredentials = Base64.getEncoder()
|
String clientCredentials = Base64.getEncoder()
|
||||||
|
@ -155,6 +157,7 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests {
|
||||||
RecordedRequest actualRequest = this.server.takeRequest();
|
RecordedRequest actualRequest = this.server.takeRequest();
|
||||||
String body = actualRequest.getUtf8Body();
|
String body = actualRequest.getUtf8Body();
|
||||||
assertThat(response.getAccessToken()).isNotNull();
|
assertThat(response.getAccessToken()).isNotNull();
|
||||||
|
assertThat(response.getAccessToken().getScopes()).containsExactly("create");
|
||||||
assertThat(actualRequest.getHeader(HttpHeaders.AUTHORIZATION)).isNull();
|
assertThat(actualRequest.getHeader(HttpHeaders.AUTHORIZATION)).isNull();
|
||||||
assertThat(body).isEqualTo(
|
assertThat(body).isEqualTo(
|
||||||
"grant_type=client_credentials&client_id=client-id&client_secret=client-secret&scope=read%3Auser");
|
"grant_type=client_credentials&client_id=client-id&client_secret=client-secret&scope=read%3Auser");
|
||||||
|
@ -230,7 +233,7 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void getTokenResponseWhenNoScopeThenClientRegistrationScopesDefaulted() {
|
public void getTokenResponseWhenNoScopeThenReturnAccessTokenResponseWithNoScopes() {
|
||||||
ClientRegistration registration = this.clientRegistration.build();
|
ClientRegistration registration = this.clientRegistration.build();
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
enqueueJson("{\n"
|
enqueueJson("{\n"
|
||||||
|
@ -242,7 +245,7 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests {
|
||||||
// @formatter:on
|
// @formatter:on
|
||||||
OAuth2ClientCredentialsGrantRequest request = new OAuth2ClientCredentialsGrantRequest(registration);
|
OAuth2ClientCredentialsGrantRequest request = new OAuth2ClientCredentialsGrantRequest(registration);
|
||||||
OAuth2AccessTokenResponse response = this.client.getTokenResponse(request).block();
|
OAuth2AccessTokenResponse response = this.client.getTokenResponse(request).block();
|
||||||
assertThat(response.getAccessToken().getScopes()).isEqualTo(registration.getScopes());
|
assertThat(response.getAccessToken().getScopes()).isEmpty();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|
|
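--- a/WebClientReactiveJwtBearerTokenResponseClientTests.java
+++ b/WebClientReactiveJwtBearerTokenResponseClientTests.java
@@ -1,5 +1,5 @@
 /*
-* Copyright 2002-2021 the original author or authors.
+* Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -293,9 +293,17 @@ public class WebClientReactiveJwtBearerTokenResponseClientTests {
 
 @Test
 public void getTokenResponseWhenClientSecretBasicThenSuccess() throws Exception {
+// @formatter:off
+String accessTokenResponse = "{\n"
++ " \"access_token\": \"access-token-1234\",\n"
++ " \"token_type\": \"bearer\",\n"
++ " \"expires_in\": 3600,\n"
++ " \"scope\": \"read write\""
++ "}\n";
+// @formatter:on
 ClientRegistration clientRegistration = this.clientRegistration.build();
 JwtBearerGrantRequest request = new JwtBearerGrantRequest(clientRegistration, this.jwtAssertion);
-enqueueJson(DEFAULT_ACCESS_TOKEN_RESPONSE);
+enqueueJson(accessTokenResponse);
 OAuth2AccessTokenResponse response = this.client.getTokenResponse(request).block();
 assertThat(response).isNotNull();
 assertThat(response.getAccessToken().getScopes()).containsExactly("read", "write");
@@ -309,12 +317,18 @@ public class WebClientReactiveJwtBearerTokenResponseClientTests {
 @Test
 public void getTokenResponseWhenClientSecretPostThenSuccess() throws Exception {
 // @formatter:off
+String accessTokenResponse = "{\n"
++ " \"access_token\": \"access-token-1234\",\n"
++ " \"token_type\": \"bearer\",\n"
++ " \"expires_in\": 3600,\n"
++ " \"scope\": \"read write\""
++ "}\n";
 ClientRegistration clientRegistration = this.clientRegistration
 .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_POST)
 .build();
 // @formatter:on
 JwtBearerGrantRequest request = new JwtBearerGrantRequest(clientRegistration, this.jwtAssertion);
-enqueueJson(DEFAULT_ACCESS_TOKEN_RESPONSE);
+enqueueJson(accessTokenResponse);
 OAuth2AccessTokenResponse response = this.client.getTokenResponse(request).block();
 assertThat(response).isNotNull();
 assertThat(response.getAccessToken().getScopes()).containsExactly("read", "write");
@@ -333,6 +347,7 @@ public class WebClientReactiveJwtBearerTokenResponseClientTests {
 + " \"expires_in\": 3600,\n"
 + " \"scope\": \"read\"\n"
 + "}\n";
+// @formatter:on
 ClientRegistration clientRegistration = this.clientRegistration.build();
 JwtBearerGrantRequest request = new JwtBearerGrantRequest(clientRegistration, this.jwtAssertion);
 enqueueJson(accessTokenResponse);
@@ -341,6 +356,17 @@ public class WebClientReactiveJwtBearerTokenResponseClientTests {
 assertThat(response.getAccessToken().getScopes()).containsExactly("read");
 }
 
+@Test
+public void getTokenResponseWhenResponseDoesNotIncludeScopeThenReturnAccessTokenResponseWithNoScopes()
+throws Exception {
+ClientRegistration clientRegistration = this.clientRegistration.build();
+JwtBearerGrantRequest request = new JwtBearerGrantRequest(clientRegistration, this.jwtAssertion);
+enqueueJson(DEFAULT_ACCESS_TOKEN_RESPONSE);
+OAuth2AccessTokenResponse response = this.client.getTokenResponse(request).block();
+assertThat(response).isNotNull();
+assertThat(response.getAccessToken().getScopes()).isEmpty();
+}
+
 private void enqueueJson(String body) {
 MockResponse response = new MockResponse().setBody(body).setHeader(HttpHeaders.CONTENT_TYPE,
 MediaType.APPLICATION_JSON_VALUE);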
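Review bot: The new `getTokenResponseWhenResponseDoesNotIncludeScopeThenReturnAccessTokenResponseWithNoScopes` test in the last hunk pins a deliberate choice — an omitted `scope` member is not treated as "the requested scopes were granted", even though RFC 6749 §5.1 lets a server omit it in that case — but nothing in the test records why, so a later maintainer could plausibly "fix" it back to defaulting from the registration. A one-line comment above the `isEmpty()` assertion such as `// an omitted scope is not assumed to equal the requested scope; granted scopes must come from the server, never be inferred from the registration` would capture the intent. That test also depends on `DEFAULT_ACCESS_TOKEN_RESPONSE`, defined outside this hunk, presumably carrying no `scope` member; its name no longer says so, and if it is ever changed to include one this test silently changes meaning. The two `accessTokenResponse` literals added in the first and second hunks are byte-identical and could be one constant alongside `DEFAULT_ACCESS_TOKEN_RESPONSE`.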
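--- a/WebClientReactivePasswordTokenResponseClientTests.java
+++ b/WebClientReactivePasswordTokenResponseClientTests.java
@@ -1,5 +1,5 @@
 /*
-* Copyright 2002-2021 the original author or authors.
+* Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -99,7 +99,8 @@ public class WebClientReactivePasswordTokenResponseClientTests {
 }
 
 @Test
-public void getTokenResponseWhenSuccessResponseThenReturnAccessTokenResponse() throws Exception {
+public void getTokenResponseWhenSuccessResponseDoesNotIncludeScopeThenReturnAccessTokenResponseWithNoScope()
+throws Exception {
 // @formatter:off
 String accessTokenSuccessResponse = "{\n"
 + " \"access_token\": \"access-token-1234\",\n"
@@ -128,6 +129,41 @@ public class WebClientReactivePasswordTokenResponseClientTests {
 assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234");
 assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER);
 assertThat(accessTokenResponse.getAccessToken().getExpiresAt()).isBetween(expiresAtBefore, expiresAtAfter);
+assertThat(accessTokenResponse.getAccessToken().getScopes()).isEmpty();
+assertThat(accessTokenResponse.getRefreshToken()).isNull();
+}
+
+@Test
+public void getTokenResponseWhenSuccessResponseIncludesScopeThenReturnAccessTokenResponse() throws Exception {
+// @formatter:off
+String accessTokenSuccessResponse = "{\n"
++ " \"access_token\": \"access-token-1234\",\n"
++ " \"token_type\": \"bearer\",\n"
++ " \"expires_in\": \"3600\",\n"
++ " \"scope\": \"read write\"\n"
++ "}\n";
+// @formatter:on
+this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
+Instant expiresAtBefore = Instant.now().plusSeconds(3600);
+ClientRegistration clientRegistration = this.clientRegistrationBuilder.build();
+OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(clientRegistration,
+this.username, this.password);
+OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(passwordGrantRequest)
+.block();
+Instant expiresAtAfter = Instant.now().plusSeconds(3600);
+RecordedRequest recordedRequest = this.server.takeRequest();
+assertThat(recordedRequest.getMethod()).isEqualTo(HttpMethod.POST.toString());
+assertThat(recordedRequest.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_VALUE);
+assertThat(recordedRequest.getHeader(HttpHeaders.CONTENT_TYPE))
+.isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8");
+String formParameters = recordedRequest.getBody().readUtf8();
+assertThat(formParameters).contains("grant_type=password");
+assertThat(formParameters).contains("username=user1");
+assertThat(formParameters).contains("password=password");
+assertThat(formParameters).contains("scope=read+write");
+assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234");
+assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER);
+assertThat(accessTokenResponse.getAccessToken().getExpiresAt()).isBetween(expiresAtBefore, expiresAtAfter);
 assertThat(accessTokenResponse.getAccessToken().getScopes())
 .containsExactly(clientRegistration.getScopes().toArray(new String[0]));
 assertThat(accessTokenResponse.getRefreshToken()).isNull();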
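Review bot: In the last hunk, the new `getTokenResponseWhenSuccessResponseIncludesScopeThenReturnAccessTokenResponse` test checks the granted scopes against `clientRegistration.getScopes()` instead of against the `read write` that the enqueued response actually carries, so if the builder's default scopes are also read/write (the `scope=read+write` form assertion suggests they are) the test cannot distinguish response-derived scopes from registration-defaulted ones — the very behaviour the sibling test was just renamed to rule out. Asserting the literal, `assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read", "write");`, pins the server response as the only source of granted scopes and would catch a regression to defaulting. The `"expires_in": "3600"` value in the new literal is a JSON string rather than the number the earlier fixtures use; fine if that is meant to exercise lenient parsing, but worth a comment. The test renamed in the second hunk has its body split across the two hunks, so the `isEmpty()` and `isNull()` assertions added at the top of the last hunk belong to it.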