Polish class names in oauth2-core
Fixes gh-4720
This commit is contained in:
parent
2060125ebd
commit
34668e05af
@ -42,7 +42,7 @@ import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
|
||||
import org.springframework.security.oauth2.client.web.AuthorizationRequestRedirectFilter;
|
||||
import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
|
||||
import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter;
|
||||
import org.springframework.security.oauth2.core.AccessToken;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
|
||||
import org.springframework.security.oauth2.core.user.OAuth2User;
|
||||
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
|
||||
@ -134,7 +134,7 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
|
||||
|
||||
public class TokenEndpointConfig {
|
||||
private AuthorizationGrantTokenExchanger<AuthorizationCodeAuthenticationToken> authorizationCodeTokenExchanger;
|
||||
private OAuth2TokenRepository<AccessToken> accessTokenRepository;
|
||||
private OAuth2TokenRepository<OAuth2AccessToken> accessTokenRepository;
|
||||
private JwtDecoderRegistry jwtDecoderRegistry;
|
||||
|
||||
private TokenEndpointConfig() {
|
||||
@ -148,7 +148,7 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
|
||||
return this;
|
||||
}
|
||||
|
||||
public TokenEndpointConfig accessTokenRepository(OAuth2TokenRepository<AccessToken> accessTokenRepository) {
|
||||
public TokenEndpointConfig accessTokenRepository(OAuth2TokenRepository<OAuth2AccessToken> accessTokenRepository) {
|
||||
Assert.notNull(accessTokenRepository, "accessTokenRepository cannot be null");
|
||||
this.accessTokenRepository = accessTokenRepository;
|
||||
return this;
|
||||
|
@ -19,7 +19,7 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration.Builder;
|
||||
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
||||
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
|
||||
import org.springframework.security.oauth2.core.oidc.IdTokenClaim;
|
||||
import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
|
||||
|
||||
/**
|
||||
* Common OAuth2 Providers that can be used to create
|
||||
@ -42,7 +42,7 @@ public enum CommonOAuth2Provider {
|
||||
builder.tokenUri("https://www.googleapis.com/oauth2/v4/token");
|
||||
builder.jwkSetUri("https://www.googleapis.com/oauth2/v3/certs");
|
||||
builder.userInfoUri("https://www.googleapis.com/oauth2/v3/userinfo");
|
||||
builder.userNameAttributeName(IdTokenClaim.SUB);
|
||||
builder.userNameAttributeName(IdTokenClaimNames.SUB);
|
||||
builder.clientName("Google");
|
||||
return builder;
|
||||
}
|
||||
@ -87,7 +87,7 @@ public enum CommonOAuth2Provider {
|
||||
ClientRegistration.Builder builder = getBuilder(registrationId,
|
||||
ClientAuthenticationMethod.BASIC, DEFAULT_LOGIN_REDIRECT_URL);
|
||||
builder.scope("openid", "profile", "email", "address", "phone");
|
||||
builder.userNameAttributeName(IdTokenClaim.SUB);
|
||||
builder.userNameAttributeName(IdTokenClaimNames.SUB);
|
||||
builder.clientName("Okta");
|
||||
return builder;
|
||||
}
|
||||
|
@ -20,7 +20,7 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails;
|
||||
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
||||
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
|
||||
import org.springframework.security.oauth2.core.oidc.IdTokenClaim;
|
||||
import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
|
||||
@ -44,7 +44,7 @@ public class CommonOAuth2ProviderTests {
|
||||
assertThat(providerDetails.getUserInfoEndpoint().getUri())
|
||||
.isEqualTo("https://www.googleapis.com/oauth2/v3/userinfo");
|
||||
assertThat(providerDetails.getUserInfoEndpoint().getUserNameAttributeName())
|
||||
.isEqualTo(IdTokenClaim.SUB);
|
||||
.isEqualTo(IdTokenClaimNames.SUB);
|
||||
assertThat(providerDetails.getJwkSetUri())
|
||||
.isEqualTo("https://www.googleapis.com/oauth2/v3/certs");
|
||||
assertThat(registration.getClientAuthenticationMethod())
|
||||
@ -117,7 +117,7 @@ public class CommonOAuth2ProviderTests {
|
||||
assertThat(providerDetails.getTokenUri()).isEqualTo("http://example.com/token");
|
||||
assertThat(providerDetails.getUserInfoEndpoint().getUri()).isEqualTo("http://example.com/info");
|
||||
assertThat(providerDetails.getUserInfoEndpoint().getUserNameAttributeName())
|
||||
.isEqualTo(IdTokenClaim.SUB);
|
||||
.isEqualTo(IdTokenClaimNames.SUB);
|
||||
assertThat(providerDetails.getJwkSetUri()).isEqualTo("http://example.com/jwkset");
|
||||
assertThat(registration.getClientAuthenticationMethod())
|
||||
.isEqualTo(ClientAuthenticationMethod.BASIC);
|
||||
|
@ -16,7 +16,7 @@
|
||||
package org.springframework.security.oauth2.client;
|
||||
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.core.AccessToken;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
@ -32,15 +32,15 @@ import org.springframework.util.Assert;
|
||||
* @author Joe Grandja
|
||||
* @since 5.0
|
||||
* @see ClientRegistration
|
||||
* @see AccessToken
|
||||
* @see OAuth2AccessToken
|
||||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-5.1">Section 5.1 Access Token Response</a>
|
||||
*/
|
||||
public class OAuth2AuthorizedClient {
|
||||
private final ClientRegistration clientRegistration;
|
||||
private final String principalName;
|
||||
private final AccessToken accessToken;
|
||||
private final OAuth2AccessToken accessToken;
|
||||
|
||||
public OAuth2AuthorizedClient(ClientRegistration clientRegistration, String principalName, AccessToken accessToken) {
|
||||
public OAuth2AuthorizedClient(ClientRegistration clientRegistration, String principalName, OAuth2AccessToken accessToken) {
|
||||
Assert.notNull(clientRegistration, "clientRegistration cannot be null");
|
||||
Assert.hasText(principalName, "principalName cannot be empty");
|
||||
Assert.notNull(accessToken, "accessToken cannot be null");
|
||||
@ -57,7 +57,7 @@ public class OAuth2AuthorizedClient {
|
||||
return this.principalName;
|
||||
}
|
||||
|
||||
public AccessToken getAccessToken() {
|
||||
public OAuth2AccessToken getAccessToken() {
|
||||
return this.accessToken;
|
||||
}
|
||||
}
|
||||
|
@ -17,9 +17,9 @@ package org.springframework.security.oauth2.client.authentication;
|
||||
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
||||
import org.springframework.security.oauth2.core.endpoint.AuthorizationExchange;
|
||||
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest;
|
||||
import org.springframework.security.oauth2.core.endpoint.AuthorizationResponse;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
@ -30,16 +30,16 @@ import org.springframework.util.Assert;
|
||||
* @since 5.0
|
||||
* @see AuthorizationGrantAuthenticationToken
|
||||
* @see ClientRegistration
|
||||
* @see AuthorizationRequest
|
||||
* @see AuthorizationResponse
|
||||
* @see OAuth2AuthorizationRequest
|
||||
* @see OAuth2AuthorizationResponse
|
||||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-1.3.1">Section 1.3.1 Authorization Code Grant</a>
|
||||
*/
|
||||
public class AuthorizationCodeAuthenticationToken extends AuthorizationGrantAuthenticationToken {
|
||||
private final ClientRegistration clientRegistration;
|
||||
private final AuthorizationExchange authorizationExchange;
|
||||
private final OAuth2AuthorizationExchange authorizationExchange;
|
||||
|
||||
public AuthorizationCodeAuthenticationToken(ClientRegistration clientRegistration,
|
||||
AuthorizationExchange authorizationExchange) {
|
||||
OAuth2AuthorizationExchange authorizationExchange) {
|
||||
|
||||
super(AuthorizationGrantType.AUTHORIZATION_CODE);
|
||||
Assert.notNull(clientRegistration, "clientRegistration cannot be null");
|
||||
@ -63,7 +63,7 @@ public class AuthorizationCodeAuthenticationToken extends AuthorizationGrantAuth
|
||||
return this.clientRegistration;
|
||||
}
|
||||
|
||||
public AuthorizationExchange getAuthorizationExchange() {
|
||||
public OAuth2AuthorizationExchange getAuthorizationExchange() {
|
||||
return this.authorizationExchange;
|
||||
}
|
||||
}
|
||||
|
@ -18,7 +18,7 @@ package org.springframework.security.oauth2.client.authentication;
|
||||
|
||||
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
||||
import org.springframework.security.oauth2.core.endpoint.TokenResponse;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
|
||||
|
||||
/**
|
||||
* Implementations of this interface are responsible for <i>"exchanging"</i>
|
||||
@ -29,13 +29,13 @@ import org.springframework.security.oauth2.core.endpoint.TokenResponse;
|
||||
* @since 5.0
|
||||
* @see AuthorizationGrantType
|
||||
* @see AuthorizationGrantAuthenticationToken
|
||||
* @see TokenResponse
|
||||
* @see OAuth2AccessTokenResponse
|
||||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-1.3">Section 1.3 Authorization Grant</a>
|
||||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token Request (Authorization Code Grant)</a>
|
||||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.4">Section 4.1.4 Access Token Response (Authorization Code Grant)</a>
|
||||
*/
|
||||
public interface AuthorizationGrantTokenExchanger<T extends AuthorizationGrantAuthenticationToken> {
|
||||
|
||||
TokenResponse exchange(T authorizationGrantAuthentication) throws OAuth2AuthenticationException;
|
||||
OAuth2AccessTokenResponse exchange(T authorizationGrantAuthentication) throws OAuth2AuthenticationException;
|
||||
|
||||
}
|
||||
|
@ -33,11 +33,11 @@ import com.nimbusds.oauth2.sdk.id.ClientID;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.security.authentication.AuthenticationServiceException;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.core.AccessToken;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
||||
import org.springframework.security.oauth2.core.OAuth2Error;
|
||||
import org.springframework.security.oauth2.core.endpoint.TokenResponse;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
|
||||
import org.springframework.util.CollectionUtils;
|
||||
|
||||
import java.io.IOException;
|
||||
@ -59,7 +59,7 @@ import java.util.Set;
|
||||
* @since 5.0
|
||||
* @see AuthorizationGrantTokenExchanger
|
||||
* @see AuthorizationCodeAuthenticationToken
|
||||
* @see TokenResponse
|
||||
* @see OAuth2AccessTokenResponse
|
||||
* @see <a target="_blank" href="https://connect2id.com/products/nimbus-oauth-openid-connect-sdk">Nimbus OAuth 2.0 SDK</a>
|
||||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token Request (Authorization Code Grant)</a>
|
||||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.4">Section 4.1.4 Access Token Response (Authorization Code Grant)</a>
|
||||
@ -68,7 +68,7 @@ public class NimbusAuthorizationCodeTokenExchanger implements AuthorizationGrant
|
||||
private static final String INVALID_TOKEN_RESPONSE_ERROR_CODE = "invalid_token_response";
|
||||
|
||||
@Override
|
||||
public TokenResponse exchange(AuthorizationCodeAuthenticationToken authorizationCodeAuthentication)
|
||||
public OAuth2AccessTokenResponse exchange(AuthorizationCodeAuthenticationToken authorizationCodeAuthentication)
|
||||
throws OAuth2AuthenticationException {
|
||||
|
||||
ClientRegistration clientRegistration = authorizationCodeAuthentication.getClientRegistration();
|
||||
@ -117,9 +117,9 @@ public class NimbusAuthorizationCodeTokenExchanger implements AuthorizationGrant
|
||||
AccessTokenResponse accessTokenResponse = (AccessTokenResponse) tokenResponse;
|
||||
|
||||
String accessToken = accessTokenResponse.getTokens().getAccessToken().getValue();
|
||||
AccessToken.TokenType accessTokenType = null;
|
||||
if (AccessToken.TokenType.BEARER.getValue().equalsIgnoreCase(accessTokenResponse.getTokens().getAccessToken().getType().getValue())) {
|
||||
accessTokenType = AccessToken.TokenType.BEARER;
|
||||
OAuth2AccessToken.TokenType accessTokenType = null;
|
||||
if (OAuth2AccessToken.TokenType.BEARER.getValue().equalsIgnoreCase(accessTokenResponse.getTokens().getAccessToken().getType().getValue())) {
|
||||
accessTokenType = OAuth2AccessToken.TokenType.BEARER;
|
||||
}
|
||||
long expiresIn = accessTokenResponse.getTokens().getAccessToken().getLifetime();
|
||||
|
||||
@ -138,7 +138,7 @@ public class NimbusAuthorizationCodeTokenExchanger implements AuthorizationGrant
|
||||
|
||||
Map<String, Object> additionalParameters = new LinkedHashMap<>(accessTokenResponse.getCustomParameters());
|
||||
|
||||
return TokenResponse.withToken(accessToken)
|
||||
return OAuth2AccessTokenResponse.withToken(accessToken)
|
||||
.tokenType(accessTokenType)
|
||||
.expiresIn(expiresIn)
|
||||
.scopes(scopes)
|
||||
|
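Review bot: The new-side lines that map the Nimbus token type leave `accessTokenType` null for any type other than bearer, and that null is then passed unchanged to `.tokenType(accessTokenType)` on the builder further down, so a token response carrying an unrecognised type yields an access token with no type instead of a rejected exchange. RFC 6749 §7.1 says a client must not use an access token whose type it does not understand, and unless `OAuth2AccessTokenResponse.withToken(...)` or the `OAuth2AccessToken` constructor rejects a null type (not visible here) the problem surfaces later and without this class's own error code. Since `exchange` already declares `throws OAuth2AuthenticationException`, consider failing fast after the if block with `if (accessTokenType == null)` and throwing an `OAuth2AuthenticationException` built from an `OAuth2Error` using the `INVALID_TOKEN_RESPONSE_ERROR_CODE` constant defined at the top of this class. The `exchange` method begins in an earlier hunk and its body continues past this one.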
@ -22,12 +22,12 @@ import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
|
||||
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
|
||||
import org.springframework.security.oauth2.core.AccessToken;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
||||
import org.springframework.security.oauth2.core.OAuth2Error;
|
||||
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest;
|
||||
import org.springframework.security.oauth2.core.endpoint.AuthorizationResponse;
|
||||
import org.springframework.security.oauth2.core.endpoint.TokenResponse;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
|
||||
import org.springframework.security.oauth2.core.user.OAuth2User;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
@ -88,9 +88,9 @@ public class OAuth2LoginAuthenticationProvider implements AuthenticationProvider
|
||||
return null;
|
||||
}
|
||||
|
||||
AuthorizationRequest authorizationRequest = authorizationCodeAuthentication
|
||||
OAuth2AuthorizationRequest authorizationRequest = authorizationCodeAuthentication
|
||||
.getAuthorizationExchange().getAuthorizationRequest();
|
||||
AuthorizationResponse authorizationResponse = authorizationCodeAuthentication
|
||||
OAuth2AuthorizationResponse authorizationResponse = authorizationCodeAuthentication
|
||||
.getAuthorizationExchange().getAuthorizationResponse();
|
||||
|
||||
if (authorizationResponse.statusError()) {
|
||||
@ -108,12 +108,12 @@ public class OAuth2LoginAuthenticationProvider implements AuthenticationProvider
|
||||
throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
|
||||
}
|
||||
|
||||
TokenResponse tokenResponse =
|
||||
OAuth2AccessTokenResponse accessTokenResponse =
|
||||
this.authorizationCodeTokenExchanger.exchange(authorizationCodeAuthentication);
|
||||
|
||||
AccessToken accessToken = new AccessToken(tokenResponse.getTokenType(),
|
||||
tokenResponse.getTokenValue(), tokenResponse.getIssuedAt(),
|
||||
tokenResponse.getExpiresAt(), tokenResponse.getScopes());
|
||||
OAuth2AccessToken accessToken = new OAuth2AccessToken(accessTokenResponse.getTokenType(),
|
||||
accessTokenResponse.getTokenValue(), accessTokenResponse.getIssuedAt(),
|
||||
accessTokenResponse.getExpiresAt(), accessTokenResponse.getScopes());
|
||||
|
||||
OAuth2AuthorizedClient oauth2AuthorizedClient = new OAuth2AuthorizedClient(
|
||||
authorizationCodeAuthentication.getClientRegistration(), "unknown", accessToken);
|
||||
|
@ -16,7 +16,7 @@
|
||||
package org.springframework.security.oauth2.client.endpoint;
|
||||
|
||||
|
||||
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
|
||||
|
||||
import java.net.URI;
|
||||
|
||||
@ -37,10 +37,10 @@ import java.net.URI;
|
||||
*
|
||||
* @author Joe Grandja
|
||||
* @since 5.0
|
||||
* @see AuthorizationRequest
|
||||
* @see OAuth2AuthorizationRequest
|
||||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.1">Section 4.1.1 Authorization Request</a>
|
||||
*/
|
||||
public interface AuthorizationRequestUriBuilder {
|
||||
|
||||
URI build(AuthorizationRequest authorizationRequest);
|
||||
URI build(OAuth2AuthorizationRequest authorizationRequest);
|
||||
}
|
||||
|
@ -15,8 +15,8 @@
|
||||
*/
|
||||
package org.springframework.security.oauth2.client.endpoint;
|
||||
|
||||
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2Parameter;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.springframework.web.util.UriComponentsBuilder;
|
||||
|
||||
@ -30,23 +30,23 @@ import java.util.Set;
|
||||
* @author Joe Grandja
|
||||
* @since 5.0
|
||||
* @see AuthorizationRequestUriBuilder
|
||||
* @see AuthorizationRequest
|
||||
* @see OAuth2AuthorizationRequest
|
||||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.1">Section 4.1.1 Authorization Code Grant Request</a>
|
||||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.2.1">Section 4.2.1 Implicit Grant Request</a>
|
||||
*/
|
||||
public class DefaultAuthorizationRequestUriBuilder implements AuthorizationRequestUriBuilder {
|
||||
|
||||
@Override
|
||||
public URI build(AuthorizationRequest authorizationRequest) {
|
||||
public URI build(OAuth2AuthorizationRequest authorizationRequest) {
|
||||
Set<String> scopes = authorizationRequest.getScopes();
|
||||
UriComponentsBuilder uriBuilder = UriComponentsBuilder
|
||||
.fromUriString(authorizationRequest.getAuthorizationUri())
|
||||
.queryParam(OAuth2Parameter.RESPONSE_TYPE, authorizationRequest.getResponseType().getValue())
|
||||
.queryParam(OAuth2Parameter.CLIENT_ID, authorizationRequest.getClientId())
|
||||
.queryParam(OAuth2Parameter.SCOPE, StringUtils.collectionToDelimitedString(scopes, " "))
|
||||
.queryParam(OAuth2Parameter.STATE, authorizationRequest.getState());
|
||||
.queryParam(OAuth2ParameterNames.RESPONSE_TYPE, authorizationRequest.getResponseType().getValue())
|
||||
.queryParam(OAuth2ParameterNames.CLIENT_ID, authorizationRequest.getClientId())
|
||||
.queryParam(OAuth2ParameterNames.SCOPE, StringUtils.collectionToDelimitedString(scopes, " "))
|
||||
.queryParam(OAuth2ParameterNames.STATE, authorizationRequest.getState());
|
||||
if (authorizationRequest.getRedirectUri() != null) {
|
||||
uriBuilder.queryParam(OAuth2Parameter.REDIRECT_URI, authorizationRequest.getRedirectUri());
|
||||
uriBuilder.queryParam(OAuth2ParameterNames.REDIRECT_URI, authorizationRequest.getRedirectUri());
|
||||
}
|
||||
|
||||
return uriBuilder.build().encode().toUri();
|
||||
|
@ -17,8 +17,8 @@ package org.springframework.security.oauth2.client.oidc;
|
||||
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.core.AccessToken;
|
||||
import org.springframework.security.oauth2.core.oidc.IdToken;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
@ -35,21 +35,21 @@ import org.springframework.util.Assert;
|
||||
* @author Joe Grandja
|
||||
* @since 5.0
|
||||
* @see OAuth2AuthorizedClient
|
||||
* @see IdToken
|
||||
* @see OidcIdToken
|
||||
* @see <a target="_blank" href="http://openid.net/specs/openid-connect-core-1_0.html#TokenResponse">3.1.3.3 Successful Token Response</a>
|
||||
*/
|
||||
public class OidcAuthorizedClient extends OAuth2AuthorizedClient {
|
||||
private final IdToken idToken;
|
||||
private final OidcIdToken idToken;
|
||||
|
||||
public OidcAuthorizedClient(ClientRegistration clientRegistration, String principalName,
|
||||
AccessToken accessToken, IdToken idToken) {
|
||||
OAuth2AccessToken accessToken, OidcIdToken idToken) {
|
||||
|
||||
super(clientRegistration, principalName, accessToken);
|
||||
Assert.notNull(idToken, "idToken cannot be null");
|
||||
this.idToken = idToken;
|
||||
}
|
||||
|
||||
public IdToken getIdToken() {
|
||||
public OidcIdToken getIdToken() {
|
||||
return this.idToken;
|
||||
}
|
||||
}
|
||||
|
@ -28,15 +28,15 @@ import org.springframework.security.oauth2.client.oidc.OidcAuthorizedClient;
|
||||
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
|
||||
import org.springframework.security.oauth2.core.AccessToken;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
||||
import org.springframework.security.oauth2.core.OAuth2Error;
|
||||
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest;
|
||||
import org.springframework.security.oauth2.core.endpoint.AuthorizationResponse;
|
||||
import org.springframework.security.oauth2.core.endpoint.TokenResponse;
|
||||
import org.springframework.security.oauth2.core.oidc.IdToken;
|
||||
import org.springframework.security.oauth2.core.oidc.OidcScope;
|
||||
import org.springframework.security.oauth2.core.oidc.endpoint.OidcParameter;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
|
||||
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
|
||||
import org.springframework.security.oauth2.core.oidc.OidcScopes;
|
||||
import org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames;
|
||||
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
|
||||
import org.springframework.security.oauth2.jwt.Jwt;
|
||||
import org.springframework.security.oauth2.jwt.JwtDecoder;
|
||||
@ -102,15 +102,15 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati
|
||||
// scope
|
||||
// REQUIRED. OpenID Connect requests MUST contain the "openid" scope value.
|
||||
if (!authorizationCodeAuthentication.getAuthorizationExchange()
|
||||
.getAuthorizationRequest().getScopes().contains(OidcScope.OPENID)) {
|
||||
.getAuthorizationRequest().getScopes().contains(OidcScopes.OPENID)) {
|
||||
// This is NOT an OpenID Connect Authentication Request so return null
|
||||
// and let OAuth2LoginAuthenticationProvider handle it instead
|
||||
return null;
|
||||
}
|
||||
|
||||
AuthorizationRequest authorizationRequest = authorizationCodeAuthentication
|
||||
OAuth2AuthorizationRequest authorizationRequest = authorizationCodeAuthentication
|
||||
.getAuthorizationExchange().getAuthorizationRequest();
|
||||
AuthorizationResponse authorizationResponse = authorizationCodeAuthentication
|
||||
OAuth2AuthorizationResponse authorizationResponse = authorizationCodeAuthentication
|
||||
.getAuthorizationExchange().getAuthorizationResponse();
|
||||
|
||||
if (authorizationResponse.statusError()) {
|
||||
@ -128,16 +128,16 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati
|
||||
throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
|
||||
}
|
||||
|
||||
TokenResponse tokenResponse =
|
||||
OAuth2AccessTokenResponse accessTokenResponse =
|
||||
this.authorizationCodeTokenExchanger.exchange(authorizationCodeAuthentication);
|
||||
|
||||
AccessToken accessToken = new AccessToken(tokenResponse.getTokenType(),
|
||||
tokenResponse.getTokenValue(), tokenResponse.getIssuedAt(),
|
||||
tokenResponse.getExpiresAt(), tokenResponse.getScopes());
|
||||
OAuth2AccessToken accessToken = new OAuth2AccessToken(accessTokenResponse.getTokenType(),
|
||||
accessTokenResponse.getTokenValue(), accessTokenResponse.getIssuedAt(),
|
||||
accessTokenResponse.getExpiresAt(), accessTokenResponse.getScopes());
|
||||
|
||||
ClientRegistration clientRegistration = authorizationCodeAuthentication.getClientRegistration();
|
||||
|
||||
if (!tokenResponse.getAdditionalParameters().containsKey(OidcParameter.ID_TOKEN)) {
|
||||
if (!accessTokenResponse.getAdditionalParameters().containsKey(OidcParameterNames.ID_TOKEN)) {
|
||||
throw new IllegalArgumentException(
|
||||
"Missing (required) ID Token in Token Response for Client Registration: " + clientRegistration.getRegistrationId());
|
||||
}
|
||||
@ -147,8 +147,8 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati
|
||||
throw new IllegalArgumentException("Failed to find a registered JwtDecoder for Client Registration: '" +
|
||||
clientRegistration.getRegistrationId() + "'. Check to ensure you have configured the JwkSet URI.");
|
||||
}
|
||||
Jwt jwt = jwtDecoder.decode((String)tokenResponse.getAdditionalParameters().get(OidcParameter.ID_TOKEN));
|
||||
IdToken idToken = new IdToken(jwt.getTokenValue(), jwt.getIssuedAt(), jwt.getExpiresAt(), jwt.getClaims());
|
||||
Jwt jwt = jwtDecoder.decode((String) accessTokenResponse.getAdditionalParameters().get(OidcParameterNames.ID_TOKEN));
|
||||
OidcIdToken idToken = new OidcIdToken(jwt.getTokenValue(), jwt.getIssuedAt(), jwt.getExpiresAt(), jwt.getClaims());
|
||||
|
||||
this.validateIdToken(idToken, clientRegistration);
|
||||
|
||||
@ -182,7 +182,7 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati
|
||||
return AuthorizationCodeAuthenticationToken.class.isAssignableFrom(authentication);
|
||||
}
|
||||
|
||||
private void validateIdToken(IdToken idToken, ClientRegistration clientRegistration) {
|
||||
private void validateIdToken(OidcIdToken idToken, ClientRegistration clientRegistration) {
|
||||
// 3.1.3.7 ID Token Validation
|
||||
// http://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation
|
||||
|
||||
|
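Review bot: The ID-token presence check on the new line `if (!accessTokenResponse.getAdditionalParameters().containsKey(OidcParameterNames.ID_TOKEN))` still falls through to the unchanged `throw new IllegalArgumentException(...)`, which is not an `AuthenticationException`; thrown from an `AuthenticationProvider` this presumably escapes the login filter as a server error rather than being reported as a failed authentication. The `statusError()` branch earlier in the same method already shows the intended shape, `throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString())`, so the missing-ID-token case (and the missing-`JwtDecoder` case that follows it) could build an `OAuth2Error` and throw the same way. The `(String)` cast on the ID token value in the next hunk has the same failure class: a provider returning a non-string value produces a `ClassCastException` instead of an authentication failure. The enclosing method starts and ends outside these hunks.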
@ -23,8 +23,8 @@ import org.springframework.security.oauth2.client.userinfo.UserInfoRetriever;
|
||||
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
||||
import org.springframework.security.oauth2.core.OAuth2Error;
|
||||
import org.springframework.security.oauth2.core.oidc.OidcScope;
|
||||
import org.springframework.security.oauth2.core.oidc.UserInfo;
|
||||
import org.springframework.security.oauth2.core.oidc.OidcScopes;
|
||||
import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
|
||||
import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
|
||||
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
|
||||
import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;
|
||||
@ -41,7 +41,7 @@ import java.util.Set;
|
||||
* <p>
|
||||
* This implementation uses a {@link UserInfoRetriever} to obtain the user attributes
|
||||
* of the <i>End-User</i> (resource owner) from the <i>UserInfo Endpoint</i>
|
||||
* and constructs a {@link UserInfo} instance.
|
||||
* and constructs a {@link OidcUserInfo} instance.
|
||||
*
|
||||
* @author Joe Grandja
|
||||
* @since 5.0
|
||||
@ -49,21 +49,21 @@ import java.util.Set;
|
||||
* @see OidcAuthorizedClient
|
||||
* @see OidcUser
|
||||
* @see DefaultOidcUser
|
||||
* @see UserInfo
|
||||
* @see OidcUserInfo
|
||||
* @see UserInfoRetriever
|
||||
*/
|
||||
public class OidcUserService implements OAuth2UserService<OidcAuthorizedClient, OidcUser> {
|
||||
private static final String INVALID_USER_INFO_RESPONSE_ERROR_CODE = "invalid_user_info_response";
|
||||
private UserInfoRetriever userInfoRetriever = new NimbusUserInfoRetriever();
|
||||
private final Set<String> userInfoScopes = new HashSet<>(
|
||||
Arrays.asList(OidcScope.PROFILE, OidcScope.EMAIL, OidcScope.ADDRESS, OidcScope.PHONE));
|
||||
Arrays.asList(OidcScopes.PROFILE, OidcScopes.EMAIL, OidcScopes.ADDRESS, OidcScopes.PHONE));
|
||||
|
||||
@Override
|
||||
public OidcUser loadUser(OidcAuthorizedClient authorizedClient) throws OAuth2AuthenticationException {
|
||||
UserInfo userInfo = null;
|
||||
OidcUserInfo userInfo = null;
|
||||
if (this.shouldRetrieveUserInfo(authorizedClient)) {
|
||||
Map<String, Object> userAttributes = this.userInfoRetriever.retrieve(authorizedClient, Map.class);
|
||||
userInfo = new UserInfo(userAttributes);
|
||||
userInfo = new OidcUserInfo(userAttributes);
|
||||
|
||||
// http://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse
|
||||
// Due to the possibility of token substitution attacks (see Section 16.11),
|
||||
|
@ -17,7 +17,7 @@ package org.springframework.security.oauth2.client.registration;
|
||||
|
||||
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
||||
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
|
||||
import org.springframework.security.oauth2.core.oidc.OidcScope;
|
||||
import org.springframework.security.oauth2.core.oidc.OidcScopes;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.CollectionUtils;
|
||||
|
||||
@ -280,7 +280,7 @@ public final class ClientRegistration {
|
||||
Assert.notEmpty(this.scopes, "scopes cannot be empty");
|
||||
Assert.hasText(this.authorizationUri, "authorizationUri cannot be empty");
|
||||
Assert.hasText(this.tokenUri, "tokenUri cannot be empty");
|
||||
if (this.scopes.contains(OidcScope.OPENID)) {
|
||||
if (this.scopes.contains(OidcScopes.OPENID)) {
|
||||
// OIDC Clients need to verify/validate the ID Token
|
||||
Assert.hasText(this.jwkSetUri, "jwkSetUri cannot be empty");
|
||||
}
|
||||
|
@ -17,7 +17,7 @@ package org.springframework.security.oauth2.client.token;
|
||||
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.core.AccessToken;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
import java.util.Base64;
|
||||
@ -25,27 +25,27 @@ import java.util.Map;
|
||||
import java.util.concurrent.ConcurrentHashMap;
|
||||
|
||||
/**
|
||||
* An <i>in-memory</i> {@link OAuth2TokenRepository} for {@link AccessToken}'s.
|
||||
* An <i>in-memory</i> {@link OAuth2TokenRepository} for {@link OAuth2AccessToken}'s.
|
||||
*
|
||||
* @author Joe Grandja
|
||||
* @since 5.0
|
||||
* @see OAuth2TokenRepository
|
||||
* @see AccessToken
|
||||
* @see OAuth2AccessToken
|
||||
* @see ClientRegistration
|
||||
* @see Authentication
|
||||
*/
|
||||
public final class InMemoryAccessTokenRepository implements OAuth2TokenRepository<AccessToken> {
|
||||
private final Map<String, AccessToken> accessTokens = new ConcurrentHashMap<>();
|
||||
public final class InMemoryAccessTokenRepository implements OAuth2TokenRepository<OAuth2AccessToken> {
|
||||
private final Map<String, OAuth2AccessToken> accessTokens = new ConcurrentHashMap<>();
|
||||
|
||||
@Override
|
||||
public AccessToken loadToken(ClientRegistration registration, Authentication principal) {
|
||||
public OAuth2AccessToken loadToken(ClientRegistration registration, Authentication principal) {
|
||||
Assert.notNull(registration, "registration cannot be null");
|
||||
Assert.notNull(principal, "principal cannot be null");
|
||||
return this.accessTokens.get(this.getIdentifier(registration, principal));
|
||||
}
|
||||
|
||||
@Override
|
||||
public void saveToken(AccessToken accessToken, ClientRegistration registration, Authentication principal) {
|
||||
public void saveToken(OAuth2AccessToken accessToken, ClientRegistration registration, Authentication principal) {
|
||||
Assert.notNull(accessToken, "accessToken cannot be null");
|
||||
Assert.notNull(registration, "registration cannot be null");
|
||||
Assert.notNull(principal, "principal cannot be null");
|
||||
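Review bot: `loadToken` hands back whatever `accessTokens.get(...)` holds without consulting the token's expiry, and in the visible code the only thing that ever drops an entry is `removeToken`, so this map of plaintext access tokens keyed per principal grows for the life of the JVM. Since `InMemoryAccessTokenRepository` is also the default wired into `OAuth2LoginAuthenticationFilter`, that caveat belongs on the class Javadoc, e.g. `* <p>Entries are retained until {@link #removeToken} is called; expiry is not checked here and callers must inspect the token's expiry instant themselves.` A production deployment should swap in a bounded or expiry-aware store, which the doc can point out. The `getIdentifier` helper and the `put` in `saveToken` are outside this hunk.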
@ -53,7 +53,7 @@ public final class InMemoryAccessTokenRepository implements OAuth2TokenRepositor
|
||||
}
|
||||
|
||||
@Override
|
||||
public AccessToken removeToken(ClientRegistration registration, Authentication principal) {
|
||||
public OAuth2AccessToken removeToken(ClientRegistration registration, Authentication principal) {
|
||||
Assert.notNull(registration, "registration cannot be null");
|
||||
Assert.notNull(principal, "principal cannot be null");
|
||||
return this.accessTokens.remove(this.getIdentifier(registration, principal));
|
||||
|
@ -22,9 +22,9 @@ import org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationR
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
||||
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
|
||||
import org.springframework.security.oauth2.client.endpoint.AuthorizationRequestUriBuilder;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2Parameter;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
|
||||
import org.springframework.security.web.DefaultRedirectStrategy;
|
||||
import org.springframework.security.web.RedirectStrategy;
|
||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
||||
@ -55,7 +55,7 @@ import java.util.Map;
|
||||
*
|
||||
* @author Joe Grandja
|
||||
* @since 5.0
|
||||
* @see AuthorizationRequest
|
||||
* @see OAuth2AuthorizationRequest
|
||||
* @see AuthorizationRequestRepository
|
||||
* @see AuthorizationRequestUriBuilder
|
||||
* @see ClientRegistration
|
||||
@ -132,18 +132,18 @@ public class AuthorizationRequestRedirectFilter extends OncePerRequestFilter {
|
||||
String redirectUriStr = this.expandRedirectUri(request, clientRegistration);
|
||||
|
||||
Map<String,Object> additionalParameters = new HashMap<>();
|
||||
additionalParameters.put(OAuth2Parameter.REGISTRATION_ID, clientRegistration.getRegistrationId());
|
||||
additionalParameters.put(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId());
|
||||
|
||||
AuthorizationRequest.Builder builder;
|
||||
OAuth2AuthorizationRequest.Builder builder;
|
||||
if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(clientRegistration.getAuthorizationGrantType())) {
|
||||
builder = AuthorizationRequest.authorizationCode();
|
||||
builder = OAuth2AuthorizationRequest.authorizationCode();
|
||||
} else if (AuthorizationGrantType.IMPLICIT.equals(clientRegistration.getAuthorizationGrantType())) {
|
||||
builder = AuthorizationRequest.implicit();
|
||||
builder = OAuth2AuthorizationRequest.implicit();
|
||||
} else {
|
||||
throw new IllegalArgumentException("Invalid Authorization Grant Type for Client Registration (" +
|
||||
clientRegistration.getRegistrationId() + "): " + clientRegistration.getAuthorizationGrantType());
|
||||
}
|
||||
AuthorizationRequest authorizationRequest = builder
|
||||
OAuth2AuthorizationRequest authorizationRequest = builder
|
||||
.clientId(clientRegistration.getClientId())
|
||||
.authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri())
|
||||
.redirectUri(redirectUriStr)
|
||||
|
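Review bot: The `IllegalArgumentException` thrown for an unsupported `AuthorizationGrantType` fires on every request to the redirect endpoint from inside a filter, so a misconfigured registration surfaces as a container 500 instead of failing at startup; validating grant types when registrations are loaded, or answering with a 4xx here, would be kinder. Separately, `REGISTRATION_ID` is placed in `additionalParameters`; if `AuthorizationRequestUriBuilder` renders additional parameters into the authorization URI (not visible here, though the builder test feeds `foo=bar` through the same map), the client's internal registration id is sent to the provider as a query parameter, and a non-transmitted attribute on the request would be cleaner. The enclosing method starts and ends outside this hunk.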
@ -15,14 +15,14 @@
|
||||
*/
|
||||
package org.springframework.security.oauth2.client.web;
|
||||
|
||||
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
/**
|
||||
* Implementations of this interface are responsible for the persistence
|
||||
* of {@link AuthorizationRequest} between requests.
|
||||
* of {@link OAuth2AuthorizationRequest} between requests.
|
||||
*
|
||||
* <p>
|
||||
* Used by the {@link AuthorizationRequestRedirectFilter} for persisting the <i>Authorization Request</i>
|
||||
@ -32,16 +32,16 @@ import javax.servlet.http.HttpServletResponse;
|
||||
*
|
||||
* @author Joe Grandja
|
||||
* @since 5.0
|
||||
* @see AuthorizationRequest
|
||||
* @see OAuth2AuthorizationRequest
|
||||
* @see HttpSessionAuthorizationRequestRepository
|
||||
*/
|
||||
public interface AuthorizationRequestRepository {
|
||||
|
||||
AuthorizationRequest loadAuthorizationRequest(HttpServletRequest request);
|
||||
OAuth2AuthorizationRequest loadAuthorizationRequest(HttpServletRequest request);
|
||||
|
||||
void saveAuthorizationRequest(AuthorizationRequest authorizationRequest, HttpServletRequest request,
|
||||
void saveAuthorizationRequest(OAuth2AuthorizationRequest authorizationRequest, HttpServletRequest request,
|
||||
HttpServletResponse response);
|
||||
|
||||
AuthorizationRequest removeAuthorizationRequest(HttpServletRequest request);
|
||||
OAuth2AuthorizationRequest removeAuthorizationRequest(HttpServletRequest request);
|
||||
|
||||
}
|
||||
|
@ -15,7 +15,7 @@
|
||||
*/
|
||||
package org.springframework.security.oauth2.client.web;
|
||||
|
||||
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
@ -23,11 +23,11 @@ import javax.servlet.http.HttpSession;
|
||||
|
||||
/**
|
||||
* An implementation of an {@link AuthorizationRequestRepository} that stores
|
||||
* {@link AuthorizationRequest} in the {@link HttpSession}.
|
||||
* {@link OAuth2AuthorizationRequest} in the {@link HttpSession}.
|
||||
*
|
||||
* @author Joe Grandja
|
||||
* @since 5.0
|
||||
* @see AuthorizationRequest
|
||||
* @see OAuth2AuthorizationRequest
|
||||
*/
|
||||
public final class HttpSessionAuthorizationRequestRepository implements AuthorizationRequestRepository {
|
||||
private static final String DEFAULT_AUTHORIZATION_REQUEST_ATTR_NAME =
|
||||
@ -35,16 +35,16 @@ public final class HttpSessionAuthorizationRequestRepository implements Authoriz
|
||||
private final String sessionAttributeName = DEFAULT_AUTHORIZATION_REQUEST_ATTR_NAME;
|
||||
|
||||
@Override
|
||||
public AuthorizationRequest loadAuthorizationRequest(HttpServletRequest request) {
|
||||
public OAuth2AuthorizationRequest loadAuthorizationRequest(HttpServletRequest request) {
|
||||
HttpSession session = request.getSession(false);
|
||||
if (session != null) {
|
||||
return (AuthorizationRequest) session.getAttribute(this.sessionAttributeName);
|
||||
return (OAuth2AuthorizationRequest) session.getAttribute(this.sessionAttributeName);
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void saveAuthorizationRequest(AuthorizationRequest authorizationRequest, HttpServletRequest request,
|
||||
public void saveAuthorizationRequest(OAuth2AuthorizationRequest authorizationRequest, HttpServletRequest request,
|
||||
HttpServletResponse response) {
|
||||
if (authorizationRequest == null) {
|
||||
this.removeAuthorizationRequest(request);
|
||||
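Review bot: `loadAuthorizationRequest` returns the single object stored under `sessionAttributeName` without looking at the `state` of the incoming request, so this is a one-slot store: a second authorization started in the same session (another tab, or an attacker-induced navigation) overwrites the first, and the earlier callback is then matched against the later request. The `state` comparison that protects the callback against CSRF is not visible in this hunk; if it lives in `OAuth2LoginAuthenticationProvider`, a Javadoc line here would make the split explicit: `* <p>The stored request is not correlated with the {@code state} of the current request; callers must perform that comparison.` Keying the stored requests by `state` would later remove the overwrite behaviour as well. `saveAuthorizationRequest` continues past the end of this hunk.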
@ -54,8 +54,8 @@ public final class HttpSessionAuthorizationRequestRepository implements Authoriz
|
||||
}
|
||||
|
||||
@Override
|
||||
public AuthorizationRequest removeAuthorizationRequest(HttpServletRequest request) {
|
||||
AuthorizationRequest authorizationRequest = this.loadAuthorizationRequest(request);
|
||||
public OAuth2AuthorizationRequest removeAuthorizationRequest(HttpServletRequest request) {
|
||||
OAuth2AuthorizationRequest authorizationRequest = this.loadAuthorizationRequest(request);
|
||||
if (authorizationRequest != null) {
|
||||
request.getSession().removeAttribute(this.sessionAttributeName);
|
||||
}
|
||||
|
@ -26,14 +26,14 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.client.token.InMemoryAccessTokenRepository;
|
||||
import org.springframework.security.oauth2.client.token.OAuth2TokenRepository;
|
||||
import org.springframework.security.oauth2.core.AccessToken;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
||||
import org.springframework.security.oauth2.core.OAuth2Error;
|
||||
import org.springframework.security.oauth2.core.OAuth2ErrorCode;
|
||||
import org.springframework.security.oauth2.core.endpoint.AuthorizationExchange;
|
||||
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest;
|
||||
import org.springframework.security.oauth2.core.endpoint.AuthorizationResponse;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2Parameter;
|
||||
import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
|
||||
import org.springframework.security.oauth2.core.user.OAuth2User;
|
||||
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
|
||||
import org.springframework.util.Assert;
|
||||
@ -54,13 +54,13 @@ import java.io.IOException;
|
||||
* <ul>
|
||||
* <li>
|
||||
* Assuming the resource owner (end-user) has granted access to the client, the authorization server will append the
|
||||
* {@link OAuth2Parameter#CODE} and {@link OAuth2Parameter#STATE} (if provided in the <i>Authorization Request</i>) parameters
|
||||
* to the {@link OAuth2Parameter#REDIRECT_URI} (provided in the <i>Authorization Request</i>)
|
||||
* {@link OAuth2ParameterNames#CODE} and {@link OAuth2ParameterNames#STATE} (if provided in the <i>Authorization Request</i>) parameters
|
||||
* to the {@link OAuth2ParameterNames#REDIRECT_URI} (provided in the <i>Authorization Request</i>)
|
||||
* and redirect the end-user's user-agent back to this <code>Filter</code> (the client).
|
||||
* </li>
|
||||
* <li>
|
||||
* This <code>Filter</code> will then create an {@link AuthorizationCodeAuthenticationToken} with
|
||||
* the {@link OAuth2Parameter#CODE} received in the previous step and delegate it to
|
||||
* the {@link OAuth2ParameterNames#CODE} received in the previous step and delegate it to
|
||||
* {@link OAuth2LoginAuthenticationProvider#authenticate(Authentication)} (indirectly via {@link AuthenticationManager}).
|
||||
* </li>
|
||||
* </ul>
|
||||
@ -71,8 +71,8 @@ import java.io.IOException;
|
||||
* @see AuthorizationCodeAuthenticationToken
|
||||
* @see OAuth2AuthenticationToken
|
||||
* @see OAuth2LoginAuthenticationProvider
|
||||
* @see AuthorizationRequest
|
||||
* @see AuthorizationResponse
|
||||
* @see OAuth2AuthorizationRequest
|
||||
* @see OAuth2AuthorizationResponse
|
||||
* @see AuthorizationRequestRepository
|
||||
* @see AuthorizationRequestRedirectFilter
|
||||
* @see ClientRegistrationRepository
|
||||
@ -85,7 +85,7 @@ public class OAuth2LoginAuthenticationFilter extends AbstractAuthenticationProce
|
||||
private static final String AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE = "authorization_request_not_found";
|
||||
private ClientRegistrationRepository clientRegistrationRepository;
|
||||
private AuthorizationRequestRepository authorizationRequestRepository = new HttpSessionAuthorizationRequestRepository();
|
||||
private OAuth2TokenRepository<AccessToken> accessTokenRepository = new InMemoryAccessTokenRepository();
|
||||
private OAuth2TokenRepository<OAuth2AccessToken> accessTokenRepository = new InMemoryAccessTokenRepository();
|
||||
|
||||
public OAuth2LoginAuthenticationFilter() {
|
||||
this(DEFAULT_FILTER_PROCESSES_URI);
|
||||
@ -106,19 +106,19 @@ public class OAuth2LoginAuthenticationFilter extends AbstractAuthenticationProce
|
||||
throws AuthenticationException, IOException, ServletException {
|
||||
|
||||
if (!this.authorizationResponseSuccess(request) && !this.authorizationResponseError(request)) {
|
||||
OAuth2Error oauth2Error = new OAuth2Error(OAuth2ErrorCode.INVALID_REQUEST);
|
||||
OAuth2Error oauth2Error = new OAuth2Error(OAuth2ErrorCodes.INVALID_REQUEST);
|
||||
throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
|
||||
}
|
||||
AuthorizationResponse authorizationResponse = this.convert(request);
|
||||
OAuth2AuthorizationResponse authorizationResponse = this.convert(request);
|
||||
|
||||
AuthorizationRequest authorizationRequest = this.authorizationRequestRepository.loadAuthorizationRequest(request);
|
||||
OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestRepository.loadAuthorizationRequest(request);
|
||||
if (authorizationRequest == null) {
|
||||
OAuth2Error oauth2Error = new OAuth2Error(AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE);
|
||||
throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
|
||||
}
|
||||
this.authorizationRequestRepository.removeAuthorizationRequest(request);
|
||||
|
||||
String registrationId = (String)authorizationRequest.getAdditionalParameters().get(OAuth2Parameter.REGISTRATION_ID);
|
||||
String registrationId = (String)authorizationRequest.getAdditionalParameters().get(OAuth2ParameterNames.REGISTRATION_ID);
|
||||
ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId(registrationId);
|
||||
|
||||
// The clientRegistration.redirectUri may contain Uri template variables, whether it's configured by
|
||||
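Review bot: `clientRegistration` from `findByRegistrationId(registrationId)` is used unchecked in the lines that follow this hunk (it is passed to `AuthorizationCodeAuthenticationToken`), so if the repository can return `null` — a registration removed between redirect and callback, or a tampered session attribute — the filter fails with a `NullPointerException` instead of routing through the failure handler. A guard in the style of the existing `authorization_request_not_found` check keeps it on the normal path: `if (clientRegistration == null) { OAuth2Error oauth2Error = new OAuth2Error(CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE); throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString()); }` with the constant declared next to `AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE`. Whether `ClientRegistrationRepository` contracts for a null return is not visible here. `attemptAuthentication` begins before and ends after this hunk.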
@ -133,7 +133,7 @@ public class OAuth2LoginAuthenticationFilter extends AbstractAuthenticationProce
|
||||
.build();
|
||||
|
||||
AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = new AuthorizationCodeAuthenticationToken(
|
||||
clientRegistration, new AuthorizationExchange(authorizationRequest, authorizationResponse));
|
||||
clientRegistration, new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse));
|
||||
authorizationCodeAuthentication.setDetails(this.authenticationDetailsSource.buildDetails(request));
|
||||
|
||||
OAuth2AuthenticationToken<OAuth2User, OAuth2AuthorizedClient> oauth2Authentication =
|
||||
@ -157,26 +157,26 @@ public class OAuth2LoginAuthenticationFilter extends AbstractAuthenticationProce
|
||||
this.authorizationRequestRepository = authorizationRequestRepository;
|
||||
}
|
||||
|
||||
public final void setAccessTokenRepository(OAuth2TokenRepository<AccessToken> accessTokenRepository) {
|
||||
public final void setAccessTokenRepository(OAuth2TokenRepository<OAuth2AccessToken> accessTokenRepository) {
|
||||
Assert.notNull(accessTokenRepository, "accessTokenRepository cannot be null");
|
||||
this.accessTokenRepository = accessTokenRepository;
|
||||
}
|
||||
|
||||
private AuthorizationResponse convert(HttpServletRequest request) {
|
||||
String code = request.getParameter(OAuth2Parameter.CODE);
|
||||
String errorCode = request.getParameter(OAuth2Parameter.ERROR);
|
||||
String state = request.getParameter(OAuth2Parameter.STATE);
|
||||
private OAuth2AuthorizationResponse convert(HttpServletRequest request) {
|
||||
String code = request.getParameter(OAuth2ParameterNames.CODE);
|
||||
String errorCode = request.getParameter(OAuth2ParameterNames.ERROR);
|
||||
String state = request.getParameter(OAuth2ParameterNames.STATE);
|
||||
String redirectUri = request.getRequestURL().toString();
|
||||
|
||||
if (StringUtils.hasText(code)) {
|
||||
return AuthorizationResponse.success(code)
|
||||
return OAuth2AuthorizationResponse.success(code)
|
||||
.redirectUri(redirectUri)
|
||||
.state(state)
|
||||
.build();
|
||||
} else {
|
||||
String errorDescription = request.getParameter(OAuth2Parameter.ERROR_DESCRIPTION);
|
||||
String errorUri = request.getParameter(OAuth2Parameter.ERROR_URI);
|
||||
return AuthorizationResponse.error(errorCode)
|
||||
String errorDescription = request.getParameter(OAuth2ParameterNames.ERROR_DESCRIPTION);
|
||||
String errorUri = request.getParameter(OAuth2ParameterNames.ERROR_URI);
|
||||
return OAuth2AuthorizationResponse.error(errorCode)
|
||||
.redirectUri(redirectUri)
|
||||
.errorDescription(errorDescription)
|
||||
.errorUri(errorUri)
|
||||
@ -186,12 +186,12 @@ public class OAuth2LoginAuthenticationFilter extends AbstractAuthenticationProce
|
||||
}
|
||||
|
||||
private boolean authorizationResponseSuccess(HttpServletRequest request) {
|
||||
return StringUtils.hasText(request.getParameter(OAuth2Parameter.CODE)) &&
|
||||
StringUtils.hasText(request.getParameter(OAuth2Parameter.STATE));
|
||||
return StringUtils.hasText(request.getParameter(OAuth2ParameterNames.CODE)) &&
|
||||
StringUtils.hasText(request.getParameter(OAuth2ParameterNames.STATE));
|
||||
}
|
||||
|
||||
private boolean authorizationResponseError(HttpServletRequest request) {
|
||||
return StringUtils.hasText(request.getParameter(OAuth2Parameter.ERROR)) &&
|
||||
StringUtils.hasText(request.getParameter(OAuth2Parameter.STATE));
|
||||
return StringUtils.hasText(request.getParameter(OAuth2ParameterNames.ERROR)) &&
|
||||
StringUtils.hasText(request.getParameter(OAuth2ParameterNames.STATE));
|
||||
}
|
||||
}
|
||||
|
@ -17,7 +17,7 @@
|
||||
package org.springframework.security.oauth2.client.endpoint;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
|
||||
|
||||
import java.net.URI;
|
||||
import java.util.Arrays;
|
||||
@ -35,7 +35,7 @@ public class DefaultAuthorizationRequestUriBuilderTests {
|
||||
|
||||
@Test
|
||||
public void buildWhenScopeMultiThenSeparatedByEncodedSpace() {
|
||||
AuthorizationRequest request = AuthorizationRequest.implicit()
|
||||
OAuth2AuthorizationRequest request = OAuth2AuthorizationRequest.implicit()
|
||||
.additionalParameters(Collections.singletonMap("foo","bar"))
|
||||
.authorizationUri("https://idp.example.com/oauth2/v2/auth")
|
||||
.clientId("client-id")
|
||||
|
@ -23,7 +23,7 @@ import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
|
||||
import org.springframework.security.oauth2.client.endpoint.AuthorizationRequestUriBuilder;
|
||||
|
||||
import javax.servlet.FilterChain;
|
||||
@ -101,7 +101,7 @@ public class AuthorizationRequestRedirectFilterTests {
|
||||
Mockito.verifyZeroInteractions(filterChain); // Request should not proceed up the chain
|
||||
|
||||
// The authorization request attributes are saved in the session before the redirect happens
|
||||
AuthorizationRequest authorizationRequest =
|
||||
OAuth2AuthorizationRequest authorizationRequest =
|
||||
authorizationRequestRepository.loadAuthorizationRequest(request);
|
||||
Assertions.assertThat(authorizationRequest).isNotNull();
|
||||
|
||||
@ -119,7 +119,7 @@ public class AuthorizationRequestRedirectFilterTests {
|
||||
|
||||
AuthorizationRequestUriBuilder authorizationUriBuilder = Mockito.mock(AuthorizationRequestUriBuilder.class);
|
||||
URI authorizationURI = new URI(authorizationUri);
|
||||
Mockito.when(authorizationUriBuilder.build(Matchers.any(AuthorizationRequest.class))).thenReturn(authorizationURI);
|
||||
Mockito.when(authorizationUriBuilder.build(Matchers.any(OAuth2AuthorizationRequest.class))).thenReturn(authorizationURI);
|
||||
|
||||
return setupFilter(authorizationUriBuilder, clientRegistrations);
|
||||
}
|
||||
|
@ -31,11 +31,11 @@ import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
|
||||
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.core.AccessToken;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
||||
import org.springframework.security.oauth2.core.OAuth2ErrorCode;
|
||||
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2Parameter;
|
||||
import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
|
||||
import org.springframework.security.oauth2.core.user.OAuth2User;
|
||||
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
|
||||
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
|
||||
@ -82,9 +82,9 @@ public class OAuth2LoginAuthenticationFilterTests {
|
||||
filter.setAuthenticationFailureHandler(failureHandler);
|
||||
|
||||
MockHttpServletRequest request = this.setupRequest(clientRegistration);
|
||||
String errorCode = OAuth2ErrorCode.INVALID_GRANT;
|
||||
request.addParameter(OAuth2Parameter.ERROR, errorCode);
|
||||
request.addParameter(OAuth2Parameter.STATE, "some state");
|
||||
String errorCode = OAuth2ErrorCodes.INVALID_GRANT;
|
||||
request.addParameter(OAuth2ParameterNames.ERROR, errorCode);
|
||||
request.addParameter(OAuth2ParameterNames.STATE, "some state");
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
FilterChain filterChain = mock(FilterChain.class);
|
||||
|
||||
@ -99,7 +99,7 @@ public class OAuth2LoginAuthenticationFilterTests {
|
||||
public void doFilterWhenAuthorizationCodeSuccessResponseThenAuthenticationSuccessHandlerIsCalled() throws Exception {
|
||||
ClientRegistration clientRegistration = TestUtil.githubClientRegistration();
|
||||
OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
|
||||
clientRegistration, "principal", mock(AccessToken.class));
|
||||
clientRegistration, "principal", mock(OAuth2AccessToken.class));
|
||||
OAuth2AuthenticationToken userAuthentication = new OAuth2AuthenticationToken(
|
||||
mock(OAuth2User.class), AuthorityUtils.createAuthorityList("ROLE_USER"), authorizedClient);
|
||||
SecurityContextHolder.getContext().setAuthentication(userAuthentication);
|
||||
@ -115,8 +115,8 @@ public class OAuth2LoginAuthenticationFilterTests {
|
||||
MockHttpServletRequest request = this.setupRequest(clientRegistration);
|
||||
String authCode = "some code";
|
||||
String state = "some state";
|
||||
request.addParameter(OAuth2Parameter.CODE, authCode);
|
||||
request.addParameter(OAuth2Parameter.STATE, state);
|
||||
request.addParameter(OAuth2ParameterNames.CODE, authCode);
|
||||
request.addParameter(OAuth2ParameterNames.STATE, state);
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
setupAuthorizationRequest(authorizationRequestRepository, request, response, clientRegistration, state);
|
||||
FilterChain filterChain = mock(FilterChain.class);
|
||||
@ -142,8 +142,8 @@ public class OAuth2LoginAuthenticationFilterTests {
|
||||
MockHttpServletRequest request = this.setupRequest(clientRegistration);
|
||||
String authCode = "some code";
|
||||
String state = "some state";
|
||||
request.addParameter(OAuth2Parameter.CODE, authCode);
|
||||
request.addParameter(OAuth2Parameter.STATE, state);
|
||||
request.addParameter(OAuth2ParameterNames.CODE, authCode);
|
||||
request.addParameter(OAuth2ParameterNames.STATE, state);
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
FilterChain filterChain = mock(FilterChain.class);
|
||||
|
||||
@ -194,10 +194,10 @@ public class OAuth2LoginAuthenticationFilterTests {
|
||||
String state) {
|
||||
|
||||
Map<String,Object> additionalParameters = new HashMap<>();
|
||||
additionalParameters.put(OAuth2Parameter.REGISTRATION_ID, clientRegistration.getRegistrationId());
|
||||
additionalParameters.put(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId());
|
||||
|
||||
AuthorizationRequest authorizationRequest =
|
||||
AuthorizationRequest.authorizationCode()
|
||||
OAuth2AuthorizationRequest authorizationRequest =
|
||||
OAuth2AuthorizationRequest.authorizationCode()
|
||||
.clientId(clientRegistration.getClientId())
|
||||
.authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri())
|
||||
.redirectUri(clientRegistration.getRedirectUri())
|
||||
|
@ -34,15 +34,15 @@ import java.util.Set;
|
||||
* @since 5.0
|
||||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-1.4">Section 1.4 Access Token</a>
|
||||
*/
|
||||
public class AccessToken extends AbstractOAuth2Token {
|
||||
public class OAuth2AccessToken extends AbstractOAuth2Token {
|
||||
private final TokenType tokenType;
|
||||
private final Set<String> scopes;
|
||||
|
||||
public AccessToken(TokenType tokenType, String tokenValue, Instant issuedAt, Instant expiresAt) {
|
||||
public OAuth2AccessToken(TokenType tokenType, String tokenValue, Instant issuedAt, Instant expiresAt) {
|
||||
this(tokenType, tokenValue, issuedAt, expiresAt, Collections.emptySet());
|
||||
}
|
||||
|
||||
public AccessToken(TokenType tokenType, String tokenValue, Instant issuedAt, Instant expiresAt, Set<String> scopes) {
|
||||
public OAuth2AccessToken(TokenType tokenType, String tokenValue, Instant issuedAt, Instant expiresAt, Set<String> scopes) {
|
||||
super(tokenValue, issuedAt, expiresAt);
|
||||
Assert.notNull(tokenType, "tokenType cannot be null");
|
||||
this.tokenType = tokenType;
|
@ -21,7 +21,7 @@ package org.springframework.security.oauth2.core;
|
||||
* @author Joe Grandja
|
||||
* @since 5.0
|
||||
*/
|
||||
public interface OAuth2ErrorCode {
|
||||
public interface OAuth2ErrorCodes {
|
||||
|
||||
String INVALID_REQUEST = "invalid_request";
|
||||
|
@ -15,7 +15,7 @@
|
||||
*/
|
||||
package org.springframework.security.oauth2.core.endpoint;
|
||||
|
||||
import org.springframework.security.oauth2.core.AccessToken;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.CollectionUtils;
|
||||
|
||||
@ -29,21 +29,21 @@ import java.util.Set;
|
||||
*
|
||||
* @author Joe Grandja
|
||||
* @since 5.0
|
||||
* @see AccessToken
|
||||
* @see OAuth2AccessToken
|
||||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-5.1">Section 5.1 Access Token Response</a>
|
||||
*/
|
||||
public final class TokenResponse {
|
||||
private AccessToken accessToken;
|
||||
public final class OAuth2AccessTokenResponse {
|
||||
private OAuth2AccessToken accessToken;
|
||||
private Map<String,Object> additionalParameters;
|
||||
|
||||
private TokenResponse() {
|
||||
private OAuth2AccessTokenResponse() {
|
||||
}
|
||||
|
||||
public String getTokenValue() {
|
||||
return this.accessToken.getTokenValue();
|
||||
}
|
||||
|
||||
public AccessToken.TokenType getTokenType() {
|
||||
public OAuth2AccessToken.TokenType getTokenType() {
|
||||
return this.accessToken.getTokenType();
|
||||
}
|
||||
|
||||
@ -69,7 +69,7 @@ public final class TokenResponse {
|
||||
|
||||
public static class Builder {
|
||||
private String tokenValue;
|
||||
private AccessToken.TokenType tokenType;
|
||||
private OAuth2AccessToken.TokenType tokenType;
|
||||
private long expiresIn;
|
||||
private Set<String> scopes;
|
||||
private Map<String,Object> additionalParameters;
|
||||
@ -78,7 +78,7 @@ public final class TokenResponse {
|
||||
this.tokenValue = tokenValue;
|
||||
}
|
||||
|
||||
public Builder tokenType(AccessToken.TokenType tokenType) {
|
||||
public Builder tokenType(OAuth2AccessToken.TokenType tokenType) {
|
||||
this.tokenType = tokenType;
|
||||
return this;
|
||||
}
|
||||
@ -98,15 +98,15 @@ public final class TokenResponse {
|
||||
return this;
|
||||
}
|
||||
|
||||
public TokenResponse build() {
|
||||
public OAuth2AccessTokenResponse build() {
|
||||
Assert.isTrue(this.expiresIn >= 0, "expiresIn must be a positive number");
|
||||
Instant issuedAt = Instant.now();
|
||||
TokenResponse tokenResponse = new TokenResponse();
|
||||
tokenResponse.accessToken = new AccessToken(this.tokenType, this.tokenValue, issuedAt,
|
||||
OAuth2AccessTokenResponse accessTokenResponse = new OAuth2AccessTokenResponse();
|
||||
accessTokenResponse.accessToken = new OAuth2AccessToken(this.tokenType, this.tokenValue, issuedAt,
|
||||
issuedAt.plusSeconds(this.expiresIn), this.scopes);
|
||||
tokenResponse.additionalParameters = Collections.unmodifiableMap(
|
||||
accessTokenResponse.additionalParameters = Collections.unmodifiableMap(
|
||||
CollectionUtils.isEmpty(this.additionalParameters) ? Collections.emptyMap() : this.additionalParameters);
|
||||
return tokenResponse;
|
||||
return accessTokenResponse;
|
||||
}
|
||||
}
|
||||
}
|
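Review bot: `build()` accepts `expiresIn == 0` — the builder's default when the provider omits `expires_in`, which RFC 6749 §5.1 only recommends — and then sets `expiresAt` to `issuedAt`, yielding a token that is already expired the instant it is created; the message `expiresIn must be a positive number` also contradicts the `>= 0` check beside it. If `AbstractOAuth2Token` tolerates a null expiry (its constructor is not visible here), pass the unknown through rather than inventing one: `Instant expiresAt = this.expiresIn > 0 ? issuedAt.plusSeconds(this.expiresIn) : null;` and reword the assertion to `"expiresIn must be a non-negative number"`; otherwise document on `Builder` that an absent `expires_in` produces an immediately-expired token. `Instant.now()` inside `build()` also makes expiry behaviour hard to test; an injectable `Clock` is the usual remedy.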
@ -23,26 +23,26 @@ import org.springframework.util.Assert;
|
||||
*
|
||||
* @author Joe Grandja
|
||||
* @since 5.0
|
||||
* @see AuthorizationRequest
|
||||
* @see AuthorizationResponse
|
||||
* @see OAuth2AuthorizationRequest
|
||||
* @see OAuth2AuthorizationResponse
|
||||
*/
|
||||
public final class AuthorizationExchange {
|
||||
private final AuthorizationRequest authorizationRequest;
|
||||
private final AuthorizationResponse authorizationResponse;
|
||||
public final class OAuth2AuthorizationExchange {
|
||||
private final OAuth2AuthorizationRequest authorizationRequest;
|
||||
private final OAuth2AuthorizationResponse authorizationResponse;
|
||||
|
||||
public AuthorizationExchange(AuthorizationRequest authorizationRequest,
|
||||
AuthorizationResponse authorizationResponse) {
|
||||
public OAuth2AuthorizationExchange(OAuth2AuthorizationRequest authorizationRequest,
|
||||
OAuth2AuthorizationResponse authorizationResponse) {
|
||||
Assert.notNull(authorizationRequest, "authorizationRequest cannot be null");
|
||||
Assert.notNull(authorizationResponse, "authorizationResponse cannot be null");
|
||||
this.authorizationRequest = authorizationRequest;
|
||||
this.authorizationResponse = authorizationResponse;
|
||||
}
|
||||
|
||||
public AuthorizationRequest getAuthorizationRequest() {
|
||||
public OAuth2AuthorizationRequest getAuthorizationRequest() {
|
||||
return this.authorizationRequest;
|
||||
}
|
||||
|
||||
public AuthorizationResponse getAuthorizationResponse() {
|
||||
public OAuth2AuthorizationResponse getAuthorizationResponse() {
|
||||
return this.authorizationResponse;
|
||||
}
|
||||
}
|
@ -36,22 +36,22 @@ import java.util.stream.Collectors;
|
||||
* @author Joe Grandja
|
||||
* @since 5.0
|
||||
* @see AuthorizationGrantType
|
||||
* @see ResponseType
|
||||
* @see OAuth2AuthorizationResponseType
|
||||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.1">Section 4.1.1 Authorization Code Grant Request</a>
|
||||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.2.1">Section 4.2.1 Implicit Grant Request</a>
|
||||
*/
|
||||
public final class AuthorizationRequest implements Serializable {
|
||||
public final class OAuth2AuthorizationRequest implements Serializable {
|
||||
private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
|
||||
private String authorizationUri;
|
||||
private AuthorizationGrantType authorizationGrantType;
|
||||
private ResponseType responseType;
|
||||
private OAuth2AuthorizationResponseType responseType;
|
||||
private String clientId;
|
||||
private String redirectUri;
|
||||
private Set<String> scopes;
|
||||
private String state;
|
||||
private Map<String,Object> additionalParameters;
|
||||
|
||||
private AuthorizationRequest() {
|
||||
private OAuth2AuthorizationRequest() {
|
||||
}
|
||||
|
||||
public String getAuthorizationUri() {
|
||||
@ -62,7 +62,7 @@ public final class AuthorizationRequest implements Serializable {
|
||||
return this.authorizationGrantType;
|
||||
}
|
||||
|
||||
public ResponseType getResponseType() {
|
||||
public OAuth2AuthorizationResponseType getResponseType() {
|
||||
return this.responseType;
|
||||
}
|
||||
|
||||
@ -97,7 +97,7 @@ public final class AuthorizationRequest implements Serializable {
|
||||
public static class Builder {
|
||||
private String authorizationUri;
|
||||
private AuthorizationGrantType authorizationGrantType;
|
||||
private ResponseType responseType;
|
||||
private OAuth2AuthorizationResponseType responseType;
|
||||
private String clientId;
|
||||
private String redirectUri;
|
||||
private Set<String> scopes;
|
||||
@ -108,9 +108,9 @@ public final class AuthorizationRequest implements Serializable {
|
||||
Assert.notNull(authorizationGrantType, "authorizationGrantType cannot be null");
|
||||
this.authorizationGrantType = authorizationGrantType;
|
||||
if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(authorizationGrantType)) {
|
||||
this.responseType = ResponseType.CODE;
|
||||
this.responseType = OAuth2AuthorizationResponseType.CODE;
|
||||
} else if (AuthorizationGrantType.IMPLICIT.equals(authorizationGrantType)) {
|
||||
this.responseType = ResponseType.TOKEN;
|
||||
this.responseType = OAuth2AuthorizationResponseType.TOKEN;
|
||||
}
|
||||
}
|
||||
|
||||
@ -152,14 +152,14 @@ public final class AuthorizationRequest implements Serializable {
|
||||
return this;
|
||||
}
|
||||
|
||||
public AuthorizationRequest build() {
|
||||
public OAuth2AuthorizationRequest build() {
|
||||
Assert.hasText(this.authorizationUri, "authorizationUri cannot be empty");
|
||||
Assert.hasText(this.clientId, "clientId cannot be empty");
|
||||
if (AuthorizationGrantType.IMPLICIT.equals(this.authorizationGrantType)) {
|
||||
Assert.hasText(this.redirectUri, "redirectUri cannot be empty");
|
||||
}
|
||||
|
||||
AuthorizationRequest authorizationRequest = new AuthorizationRequest();
|
||||
OAuth2AuthorizationRequest authorizationRequest = new OAuth2AuthorizationRequest();
|
||||
authorizationRequest.authorizationUri = this.authorizationUri;
|
||||
authorizationRequest.authorizationGrantType = this.authorizationGrantType;
|
||||
authorizationRequest.responseType = this.responseType;
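Review bot: build() asserts authorizationUri and clientId (and redirectUri only for the implicit grant) but never requires `state`, so an OAuth2AuthorizationRequest can be built without the value that binds the later authorization response to this request (RFC 6749 §10.12). If that is intentional because the redirect filter generates the state before sending the user to the authorization endpoint, the Builder Javadoc should say so; otherwise `Assert.hasText(this.state, "state cannot be empty");` next to the clientId check would make the requirement explicit. The remainder of build() is outside the hunk, so I cannot tell whether a later check covers this.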
|
@ -26,13 +26,13 @@ import org.springframework.util.StringUtils;
|
||||
* @since 5.0
|
||||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.2">Section 4.1.2 Authorization Response</a>
|
||||
*/
|
||||
public final class AuthorizationResponse {
|
||||
public final class OAuth2AuthorizationResponse {
|
||||
private String redirectUri;
|
||||
private String state;
|
||||
private String code;
|
||||
private OAuth2Error error;
|
||||
|
||||
private AuthorizationResponse() {
|
||||
private OAuth2AuthorizationResponse() {
|
||||
}
|
||||
|
||||
public String getRedirectUri() {
|
||||
@ -110,13 +110,13 @@ public final class AuthorizationResponse {
|
||||
return this;
|
||||
}
|
||||
|
||||
public AuthorizationResponse build() {
|
||||
public OAuth2AuthorizationResponse build() {
|
||||
if (StringUtils.hasText(this.code) && StringUtils.hasText(this.errorCode)) {
|
||||
throw new IllegalArgumentException("code and errorCode cannot both be set");
|
||||
}
|
||||
Assert.hasText(this.redirectUri, "redirectUri cannot be empty");
|
||||
|
||||
AuthorizationResponse authorizationResponse = new AuthorizationResponse();
|
||||
OAuth2AuthorizationResponse authorizationResponse = new OAuth2AuthorizationResponse();
|
||||
authorizationResponse.redirectUri = this.redirectUri;
|
||||
authorizationResponse.state = this.state;
|
||||
if (StringUtils.hasText(this.code)) {
|
@ -33,13 +33,13 @@ import java.io.Serializable;
|
||||
* @since 5.0
|
||||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-3.1.1">Section 3.1.1 Response Type</a>
|
||||
*/
|
||||
public final class ResponseType implements Serializable {
|
||||
public final class OAuth2AuthorizationResponseType implements Serializable {
|
||||
private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
|
||||
public static final ResponseType CODE = new ResponseType("code");
|
||||
public static final ResponseType TOKEN = new ResponseType("token");
|
||||
public static final OAuth2AuthorizationResponseType CODE = new OAuth2AuthorizationResponseType("code");
|
||||
public static final OAuth2AuthorizationResponseType TOKEN = new OAuth2AuthorizationResponseType("token");
|
||||
private final String value;
|
||||
|
||||
private ResponseType(String value) {
|
||||
private OAuth2AuthorizationResponseType(String value) {
|
||||
Assert.hasText(value, "value cannot be empty");
|
||||
this.value = value;
|
||||
}
|
||||
@ -56,7 +56,7 @@ public final class ResponseType implements Serializable {
|
||||
if (obj == null || this.getClass() != obj.getClass()) {
|
||||
return false;
|
||||
}
|
||||
ResponseType that = (ResponseType) obj;
|
||||
OAuth2AuthorizationResponseType that = (OAuth2AuthorizationResponseType) obj;
|
||||
return this.getValue().equals(that.getValue());
|
||||
}
|
||||
|
@ -16,14 +16,14 @@
|
||||
package org.springframework.security.oauth2.core.endpoint;
|
||||
|
||||
/**
|
||||
* Standard and additional (custom) parameters defined in the OAuth Parameters Registry
|
||||
* Standard and additional (custom) parameter names defined in the OAuth Parameters Registry
|
||||
* and used by the authorization endpoint and token endpoint.
|
||||
*
|
||||
* @author Joe Grandja
|
||||
* @since 5.0
|
||||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-11.2">11.2 OAuth Parameters Registry</a>
|
||||
*/
|
||||
public interface OAuth2Parameter {
|
||||
public interface OAuth2ParameterNames {
|
||||
|
||||
String RESPONSE_TYPE = "response_type";
|
||||
|
@ -25,7 +25,7 @@ package org.springframework.security.oauth2.core.oidc;
|
||||
* @see <a target="_blank" href="http://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse">UserInfo Response</a>
|
||||
* @see <a target="_blank" href="http://openid.net/specs/openid-connect-core-1_0.html#IDToken">ID Token</a>
|
||||
*/
|
||||
public interface Address {
|
||||
public interface AddressStandardClaim {
|
||||
|
||||
String getFormatted();
|
||||
|
@ -18,13 +18,13 @@ package org.springframework.security.oauth2.core.oidc;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
* The default implementation of an {@link Address}.
|
||||
* The default implementation of an {@link AddressStandardClaim Address Claim}.
|
||||
*
|
||||
* @author Joe Grandja
|
||||
* @since 5.0
|
||||
* @see Address
|
||||
* @see AddressStandardClaim
|
||||
*/
|
||||
public final class DefaultAddress implements Address {
|
||||
public final class DefaultAddressStandardClaim implements AddressStandardClaim {
|
||||
private String formatted;
|
||||
private String streetAddress;
|
||||
private String locality;
|
||||
@ -32,7 +32,7 @@ public final class DefaultAddress implements Address {
|
||||
private String postalCode;
|
||||
private String country;
|
||||
|
||||
private DefaultAddress() {
|
||||
private DefaultAddressStandardClaim() {
|
||||
}
|
||||
|
||||
@Override
|
||||
@ -121,8 +121,8 @@ public final class DefaultAddress implements Address {
|
||||
return this;
|
||||
}
|
||||
|
||||
public Address build() {
|
||||
DefaultAddress address = new DefaultAddress();
|
||||
public AddressStandardClaim build() {
|
||||
DefaultAddressStandardClaim address = new DefaultAddressStandardClaim();
|
||||
address.formatted = this.formatted;
|
||||
address.streetAddress = this.streetAddress;
|
||||
address.locality = this.locality;
|
@ -27,9 +27,9 @@ import java.util.List;
|
||||
*
|
||||
* @see ClaimAccessor
|
||||
* @see StandardClaimAccessor
|
||||
* @see StandardClaim
|
||||
* @see IdTokenClaim
|
||||
* @see IdToken
|
||||
* @see StandardClaimNames
|
||||
* @see IdTokenClaimNames
|
||||
* @see OidcIdToken
|
||||
* @see <a target="_blank" href="http://openid.net/specs/openid-connect-core-1_0.html#IDToken">ID Token</a>
|
||||
* @see <a target="_blank" href="http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims">Standard Claims</a>
|
||||
* @author Joe Grandja
|
||||
@ -38,50 +38,50 @@ import java.util.List;
|
||||
public interface IdTokenClaimAccessor extends StandardClaimAccessor {
|
||||
|
||||
default URL getIssuer() {
|
||||
return this.getClaimAsURL(IdTokenClaim.ISS);
|
||||
return this.getClaimAsURL(IdTokenClaimNames.ISS);
|
||||
}
|
||||
|
||||
default String getSubject() {
|
||||
return this.getClaimAsString(IdTokenClaim.SUB);
|
||||
return this.getClaimAsString(IdTokenClaimNames.SUB);
|
||||
}
|
||||
|
||||
default List<String> getAudience() {
|
||||
return this.getClaimAsStringList(IdTokenClaim.AUD);
|
||||
return this.getClaimAsStringList(IdTokenClaimNames.AUD);
|
||||
}
|
||||
|
||||
default Instant getExpiresAt() {
|
||||
return this.getClaimAsInstant(IdTokenClaim.EXP);
|
||||
return this.getClaimAsInstant(IdTokenClaimNames.EXP);
|
||||
}
|
||||
|
||||
default Instant getIssuedAt() {
|
||||
return this.getClaimAsInstant(IdTokenClaim.IAT);
|
||||
return this.getClaimAsInstant(IdTokenClaimNames.IAT);
|
||||
}
|
||||
|
||||
default Instant getAuthenticatedAt() {
|
||||
return this.getClaimAsInstant(IdTokenClaim.AUTH_TIME);
|
||||
return this.getClaimAsInstant(IdTokenClaimNames.AUTH_TIME);
|
||||
}
|
||||
|
||||
default String getNonce() {
|
||||
return this.getClaimAsString(IdTokenClaim.NONCE);
|
||||
return this.getClaimAsString(IdTokenClaimNames.NONCE);
|
||||
}
|
||||
|
||||
default String getAuthenticationContextClass() {
|
||||
return this.getClaimAsString(IdTokenClaim.ACR);
|
||||
return this.getClaimAsString(IdTokenClaimNames.ACR);
|
||||
}
|
||||
|
||||
default List<String> getAuthenticationMethods() {
|
||||
return this.getClaimAsStringList(IdTokenClaim.AMR);
|
||||
return this.getClaimAsStringList(IdTokenClaimNames.AMR);
|
||||
}
|
||||
|
||||
default String getAuthorizedParty() {
|
||||
return this.getClaimAsString(IdTokenClaim.AZP);
|
||||
return this.getClaimAsString(IdTokenClaimNames.AZP);
|
||||
}
|
||||
|
||||
default String getAccessTokenHash() {
|
||||
return this.getClaimAsString(IdTokenClaim.AT_HASH);
|
||||
return this.getClaimAsString(IdTokenClaimNames.AT_HASH);
|
||||
}
|
||||
|
||||
default String getAuthorizationCodeHash() {
|
||||
return this.getClaimAsString(IdTokenClaim.C_HASH);
|
||||
return this.getClaimAsString(IdTokenClaimNames.C_HASH);
|
||||
}
|
||||
}
|
||||
|
@ -16,16 +16,16 @@
|
||||
package org.springframework.security.oauth2.core.oidc;
|
||||
|
||||
/**
|
||||
* The "Claims" defined by the <i>OpenID Connect Core 1.0</i> specification
|
||||
* The names of the "Claims" defined by the <i>OpenID Connect Core 1.0</i> specification
|
||||
* that can be returned in the <i>ID Token</i>.
|
||||
*
|
||||
* @author Joe Grandja
|
||||
* @since 5.0
|
||||
* @see IdToken
|
||||
* @see OidcIdToken
|
||||
* @see <a target="_blank" href="http://openid.net/specs/openid-connect-core-1_0.html#IDToken">ID Token</a>
|
||||
*/
|
||||
|
||||
public interface IdTokenClaim {
|
||||
public interface IdTokenClaimNames {
|
||||
|
||||
String ISS = "iss";
|
||||
|
@ -27,7 +27,7 @@ import java.util.Map;
|
||||
* An implementation of an {@link AbstractOAuth2Token} representing an <i>OpenID Connect Core 1.0 ID Token</i>.
|
||||
*
|
||||
* <p>
|
||||
* The <code>IdToken</code> is a security token that contains "Claims"
|
||||
* The <code>OidcIdToken</code> is a security token that contains "Claims"
|
||||
* about the authentication of an End-User by an Authorization Server.
|
||||
*
|
||||
* @author Joe Grandja
|
||||
@ -38,10 +38,10 @@ import java.util.Map;
|
||||
* @see <a target="_blank" href="http://openid.net/specs/openid-connect-core-1_0.html#IDToken">ID Token</a>
|
||||
* @see <a target="_blank" href="http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims">Standard Claims</a>
|
||||
*/
|
||||
public class IdToken extends AbstractOAuth2Token implements IdTokenClaimAccessor {
|
||||
public class OidcIdToken extends AbstractOAuth2Token implements IdTokenClaimAccessor {
|
||||
private final Map<String, Object> claims;
|
||||
|
||||
public IdToken(String tokenValue, Instant issuedAt, Instant expiresAt, Map<String, Object> claims) {
|
||||
public OidcIdToken(String tokenValue, Instant issuedAt, Instant expiresAt, Map<String, Object> claims) {
|
||||
super(tokenValue, issuedAt, expiresAt);
|
||||
Assert.notEmpty(claims, "claims cannot be empty");
|
||||
this.claims = Collections.unmodifiableMap(new LinkedHashMap<>(claims));
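Review bot: The OidcIdToken constructor accepts any non-empty claims map and, as far as this hunk shows, performs no ID Token validation (issuer, audience, expiry, nonce per OpenID Connect Core 1.0 §3.1.3.7), while the class Javadoc describes it as "a security token", which invites the assumption that an instance has been validated. Suggest a constructor Javadoc line such as `* Note: the claims are not validated here; callers must validate the ID Token (signature, iss, aud, exp, nonce) before constructing it.` Expiry also arrives twice, as the expiresAt passed to super(...) and as the `exp` claim read by IdTokenClaimAccessor.getExpiresAt(); presumably the superclass accessor takes precedence, but it is worth stating which value is authoritative. The rest of the class is outside the hunk.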
|
@ -15,22 +15,22 @@
|
||||
*/
|
||||
package org.springframework.security.oauth2.core.oidc;
|
||||
|
||||
import org.springframework.security.oauth2.core.AccessToken;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
|
||||
/**
|
||||
* The <i>scope</i> values defined by the <i>OpenID Connect Core 1.0</i> specification
|
||||
* that can be used to request {@link StandardClaim Claims}.
|
||||
* that can be used to request {@link StandardClaimNames Claims}.
|
||||
* <p>
|
||||
* The scope(s) associated to an {@link AccessToken} determine what claims (resources)
|
||||
* The scope(s) associated to an {@link OAuth2AccessToken} determine what claims (resources)
|
||||
* will be available when they are used to access <i>OAuth 2.0 Protected Endpoints</i>,
|
||||
* such as the <i>UserInfo Endpoint</i>.
|
||||
*
|
||||
* @author Joe Grandja
|
||||
* @since 5.0
|
||||
* @see StandardClaim
|
||||
* @see StandardClaimNames
|
||||
* @see <a target="_blank" href="http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims">Requesting Claims using Scope Values</a>
|
||||
*/
|
||||
public interface OidcScope {
|
||||
public interface OidcScopes {
|
||||
|
||||
String OPENID = "openid";
|
||||
|
@ -26,7 +26,7 @@ import java.util.Map;
|
||||
* from the OAuth 2.0 Protected Resource <i>UserInfo Endpoint</i>.
|
||||
*
|
||||
* <p>
|
||||
* The <code>UserInfo</code> contains a set of "Standard Claims" about the authentication of an End-User.
|
||||
* The <code>OidcUserInfo</code> contains a set of "Standard Claims" about the authentication of an End-User.
|
||||
*
|
||||
* @author Joe Grandja
|
||||
* @since 5.0
|
||||
@ -35,10 +35,10 @@ import java.util.Map;
|
||||
* @see <a target="_blank" href="http://openid.net/specs/openid-connect-core-1_0.html#UserInfo">UserInfo Endpoint</a>
|
||||
* @see <a target="_blank" href="http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims">Standard Claims</a>
|
||||
*/
|
||||
public class UserInfo implements StandardClaimAccessor {
|
||||
public class OidcUserInfo implements StandardClaimAccessor {
|
||||
private final Map<String, Object> claims;
|
||||
|
||||
public UserInfo(Map<String, Object> claims) {
|
||||
public OidcUserInfo(Map<String, Object> claims) {
|
||||
Assert.notEmpty(claims, "claims cannot be empty");
|
||||
this.claims = Collections.unmodifiableMap(new LinkedHashMap<>(claims));
|
||||
}
|
||||
@ -57,7 +57,7 @@ public class UserInfo implements StandardClaimAccessor {
|
||||
return false;
|
||||
}
|
||||
|
||||
UserInfo that = (UserInfo) obj;
|
||||
OidcUserInfo that = (OidcUserInfo) obj;
|
||||
|
||||
return this.getClaims().equals(that.getClaims());
|
||||
}
|
@ -26,8 +26,8 @@ import java.util.Map;
|
||||
* either in the <i>UserInfo Response</i> or the <i>ID Token</i>.
|
||||
*
|
||||
* @see ClaimAccessor
|
||||
* @see StandardClaim
|
||||
* @see UserInfo
|
||||
* @see StandardClaimNames
|
||||
* @see OidcUserInfo
|
||||
* @see <a target="_blank" href="http://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse">UserInfo Response</a>
|
||||
* @see <a target="_blank" href="http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims">Standard Claims</a>
|
||||
* @author Joe Grandja
|
||||
@ -36,85 +36,85 @@ import java.util.Map;
|
||||
public interface StandardClaimAccessor extends ClaimAccessor {
|
||||
|
||||
default String getSubject() {
|
||||
return this.getClaimAsString(StandardClaim.SUB);
|
||||
return this.getClaimAsString(StandardClaimNames.SUB);
|
||||
}
|
||||
|
||||
default String getFullName() {
|
||||
return this.getClaimAsString(StandardClaim.NAME);
|
||||
return this.getClaimAsString(StandardClaimNames.NAME);
|
||||
}
|
||||
|
||||
default String getGivenName() {
|
||||
return this.getClaimAsString(StandardClaim.GIVEN_NAME);
|
||||
return this.getClaimAsString(StandardClaimNames.GIVEN_NAME);
|
||||
}
|
||||
|
||||
default String getFamilyName() {
|
||||
return this.getClaimAsString(StandardClaim.FAMILY_NAME);
|
||||
return this.getClaimAsString(StandardClaimNames.FAMILY_NAME);
|
||||
}
|
||||
|
||||
default String getMiddleName() {
|
||||
return this.getClaimAsString(StandardClaim.MIDDLE_NAME);
|
||||
return this.getClaimAsString(StandardClaimNames.MIDDLE_NAME);
|
||||
}
|
||||
|
||||
default String getNickName() {
|
||||
return this.getClaimAsString(StandardClaim.NICKNAME);
|
||||
return this.getClaimAsString(StandardClaimNames.NICKNAME);
|
||||
}
|
||||
|
||||
default String getPreferredUsername() {
|
||||
return this.getClaimAsString(StandardClaim.PREFERRED_USERNAME);
|
||||
return this.getClaimAsString(StandardClaimNames.PREFERRED_USERNAME);
|
||||
}
|
||||
|
||||
default String getProfile() {
|
||||
return this.getClaimAsString(StandardClaim.PROFILE);
|
||||
return this.getClaimAsString(StandardClaimNames.PROFILE);
|
||||
}
|
||||
|
||||
default String getPicture() {
|
||||
return this.getClaimAsString(StandardClaim.PICTURE);
|
||||
return this.getClaimAsString(StandardClaimNames.PICTURE);
|
||||
}
|
||||
|
||||
default String getWebsite() {
|
||||
return this.getClaimAsString(StandardClaim.WEBSITE);
|
||||
return this.getClaimAsString(StandardClaimNames.WEBSITE);
|
||||
}
|
||||
|
||||
default String getEmail() {
|
||||
return this.getClaimAsString(StandardClaim.EMAIL);
|
||||
return this.getClaimAsString(StandardClaimNames.EMAIL);
|
||||
}
|
||||
|
||||
default Boolean getEmailVerified() {
|
||||
return this.getClaimAsBoolean(StandardClaim.EMAIL_VERIFIED);
|
||||
return this.getClaimAsBoolean(StandardClaimNames.EMAIL_VERIFIED);
|
||||
}
|
||||
|
||||
default String getGender() {
|
||||
return this.getClaimAsString(StandardClaim.GENDER);
|
||||
return this.getClaimAsString(StandardClaimNames.GENDER);
|
||||
}
|
||||
|
||||
default String getBirthdate() {
|
||||
return this.getClaimAsString(StandardClaim.BIRTHDATE);
|
||||
return this.getClaimAsString(StandardClaimNames.BIRTHDATE);
|
||||
}
|
||||
|
||||
default String getZoneInfo() {
|
||||
return this.getClaimAsString(StandardClaim.ZONEINFO);
|
||||
return this.getClaimAsString(StandardClaimNames.ZONEINFO);
|
||||
}
|
||||
|
||||
default String getLocale() {
|
||||
return this.getClaimAsString(StandardClaim.LOCALE);
|
||||
return this.getClaimAsString(StandardClaimNames.LOCALE);
|
||||
}
|
||||
|
||||
default String getPhoneNumber() {
|
||||
return this.getClaimAsString(StandardClaim.PHONE_NUMBER);
|
||||
return this.getClaimAsString(StandardClaimNames.PHONE_NUMBER);
|
||||
}
|
||||
|
||||
default Boolean getPhoneNumberVerified() {
|
||||
return this.getClaimAsBoolean(StandardClaim.PHONE_NUMBER_VERIFIED);
|
||||
return this.getClaimAsBoolean(StandardClaimNames.PHONE_NUMBER_VERIFIED);
|
||||
}
|
||||
|
||||
default Address getAddress() {
|
||||
Map<String, Object> addressFields = this.getClaimAsMap(StandardClaim.ADDRESS);
|
||||
default AddressStandardClaim getAddress() {
|
||||
Map<String, Object> addressFields = this.getClaimAsMap(StandardClaimNames.ADDRESS);
|
||||
return (!CollectionUtils.isEmpty(addressFields) ?
|
||||
new DefaultAddress.Builder(addressFields).build() :
|
||||
new DefaultAddress.Builder().build());
|
||||
new DefaultAddressStandardClaim.Builder(addressFields).build() :
|
||||
new DefaultAddressStandardClaim.Builder().build());
|
||||
}
|
||||
|
||||
default Instant getUpdatedAt() {
|
||||
return this.getClaimAsInstant(StandardClaim.UPDATED_AT);
|
||||
return this.getClaimAsInstant(StandardClaimNames.UPDATED_AT);
|
||||
}
|
||||
}
|
||||
|
@ -16,7 +16,7 @@
|
||||
package org.springframework.security.oauth2.core.oidc;
|
||||
|
||||
/**
|
||||
* The "Standard Claims" defined by the <i>OpenID Connect Core 1.0</i> specification
|
||||
* The names of the "Standard Claims" defined by the <i>OpenID Connect Core 1.0</i> specification
|
||||
* that can be returned either in the <i>UserInfo Response</i> or the <i>ID Token</i>.
|
||||
*
|
||||
* @author Joe Grandja
|
||||
@ -25,7 +25,7 @@ package org.springframework.security.oauth2.core.oidc;
|
||||
* @see <a target="_blank" href="http://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse">UserInfo Response</a>
|
||||
* @see <a target="_blank" href="http://openid.net/specs/openid-connect-core-1_0.html#IDToken">ID Token</a>
|
||||
*/
|
||||
public interface StandardClaim {
|
||||
public interface StandardClaimNames {
|
||||
|
||||
String SUB = "sub";
|
||||
|
@ -16,14 +16,14 @@
|
||||
package org.springframework.security.oauth2.core.oidc.endpoint;
|
||||
|
||||
/**
|
||||
* Standard parameters defined in the OAuth Parameters Registry
|
||||
* Standard parameter names defined in the OAuth Parameters Registry
|
||||
* and used by the authorization endpoint and token endpoint.
|
||||
*
|
||||
* @author Joe Grandja
|
||||
* @since 5.0
|
||||
* @see <a target="_blank" href="http://openid.net/specs/openid-connect-core-1_0.html#OAuthParametersRegistry">18.2 OAuth Parameters Registration</a>
|
||||
*/
|
||||
public interface OidcParameter {
|
||||
public interface OidcParameterNames {
|
||||
|
||||
String ID_TOKEN = "id_token";
|
||||
|
@ -17,11 +17,10 @@
|
||||
package org.springframework.security.oauth2.core.oidc.user;
|
||||
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
|
||||
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
|
||||
import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
|
||||
import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
|
||||
import org.springframework.security.oauth2.core.oidc.IdToken;
|
||||
import org.springframework.security.oauth2.core.oidc.IdTokenClaim;
|
||||
import org.springframework.security.oauth2.core.oidc.UserInfo;
|
||||
import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
|
||||
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
@ -32,34 +31,34 @@ import java.util.Set;
|
||||
* <p>
|
||||
* The claim used for accessing the "name" of the
|
||||
* user <code>Principal</code> via {@link #getClaims()}
|
||||
* is {@link IdTokenClaim#SUB}.
|
||||
* is {@link IdTokenClaimNames#SUB}.
|
||||
*
|
||||
* @author Joe Grandja
|
||||
* @author Vedran Pavic
|
||||
* @since 5.0
|
||||
* @see OidcUser
|
||||
* @see DefaultOAuth2User
|
||||
* @see IdToken
|
||||
* @see UserInfo
|
||||
* @see OidcIdToken
|
||||
* @see OidcUserInfo
|
||||
*/
|
||||
public class DefaultOidcUser extends DefaultOAuth2User implements OidcUser {
|
||||
private final IdToken idToken;
|
||||
private final UserInfo userInfo;
|
||||
private final OidcIdToken idToken;
|
||||
private final OidcUserInfo userInfo;
|
||||
|
||||
public DefaultOidcUser(Set<GrantedAuthority> authorities, IdToken idToken) {
|
||||
this(authorities, idToken, IdTokenClaim.SUB);
|
||||
public DefaultOidcUser(Set<GrantedAuthority> authorities, OidcIdToken idToken) {
|
||||
this(authorities, idToken, IdTokenClaimNames.SUB);
|
||||
}
|
||||
|
||||
public DefaultOidcUser(Set<GrantedAuthority> authorities, IdToken idToken, String nameAttributeKey) {
|
||||
public DefaultOidcUser(Set<GrantedAuthority> authorities, OidcIdToken idToken, String nameAttributeKey) {
|
||||
this(authorities, idToken, null, nameAttributeKey);
|
||||
}
|
||||
|
||||
public DefaultOidcUser(Set<GrantedAuthority> authorities, IdToken idToken, UserInfo userInfo) {
|
||||
this(authorities, idToken, userInfo, IdTokenClaim.SUB);
|
||||
public DefaultOidcUser(Set<GrantedAuthority> authorities, OidcIdToken idToken, OidcUserInfo userInfo) {
|
||||
this(authorities, idToken, userInfo, IdTokenClaimNames.SUB);
|
||||
}
|
||||
|
||||
public DefaultOidcUser(Set<GrantedAuthority> authorities, IdToken idToken, UserInfo userInfo,
|
||||
String nameAttributeKey) {
|
||||
public DefaultOidcUser(Set<GrantedAuthority> authorities, OidcIdToken idToken, OidcUserInfo userInfo,
|
||||
String nameAttributeKey) {
|
||||
super(authorities, OidcUser.collectClaims(idToken, userInfo), nameAttributeKey);
|
||||
this.idToken = idToken;
|
||||
this.userInfo = userInfo;
|
||||
@ -70,11 +69,11 @@ public class DefaultOidcUser extends DefaultOAuth2User implements OidcUser {
|
||||
return this.getAttributes();
|
||||
}
|
||||
|
||||
public IdToken getIdToken() {
|
||||
public OidcIdToken getIdToken() {
|
||||
return this.idToken;
|
||||
}
|
||||
|
||||
public UserInfo getUserInfo() {
|
||||
public OidcUserInfo getUserInfo() {
|
||||
return this.userInfo;
|
||||
}
|
||||
}
|
||||
|
@ -17,11 +17,11 @@ package org.springframework.security.oauth2.core.oidc.user;
|
||||
|
||||
import org.springframework.security.core.AuthenticatedPrincipal;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
|
||||
import org.springframework.security.oauth2.core.user.OAuth2User;
|
||||
import org.springframework.security.oauth2.core.oidc.IdToken;
|
||||
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
|
||||
import org.springframework.security.oauth2.core.oidc.IdTokenClaimAccessor;
|
||||
import org.springframework.security.oauth2.core.oidc.StandardClaimAccessor;
|
||||
import org.springframework.security.oauth2.core.oidc.UserInfo;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
import java.util.HashMap;
|
||||
@ -33,7 +33,7 @@ import java.util.Map;
|
||||
*
|
||||
* <p>
|
||||
* An <code>OidcUser</code> contains "Claims" about the Authentication of the End-User.
|
||||
* The claims are aggregated from the <code>IdToken</code> and optionally the <code>UserInfo</code>.
|
||||
* The claims are aggregated from the <code>OidcIdToken</code> and optionally the <code>OidcUserInfo</code>.
|
||||
*
|
||||
* <p>
|
||||
* Implementation instances of this interface represent an {@link AuthenticatedPrincipal}
|
||||
@ -44,8 +44,8 @@ import java.util.Map;
|
||||
* @since 5.0
|
||||
* @see DefaultOidcUser
|
||||
* @see OAuth2User
|
||||
* @see IdToken
|
||||
* @see UserInfo
|
||||
* @see OidcIdToken
|
||||
* @see OidcUserInfo
|
||||
* @see IdTokenClaimAccessor
|
||||
* @see StandardClaimAccessor
|
||||
* @see <a target="_blank" href="http://openid.net/specs/openid-connect-core-1_0.html#IDToken">ID Token</a>
|
||||
@ -55,7 +55,7 @@ public interface OidcUser extends OAuth2User, IdTokenClaimAccessor {
|
||||
|
||||
Map<String, Object> getClaims();
|
||||
|
||||
static Map<String, Object> collectClaims(IdToken idToken, UserInfo userInfo) {
|
||||
static Map<String, Object> collectClaims(OidcIdToken idToken, OidcUserInfo userInfo) {
|
||||
Assert.notNull(idToken, "idToken cannot be null");
|
||||
Map<String, Object> claims = new HashMap<>();
|
||||
if (userInfo != null) {
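Review bot: collectClaims merges OidcUserInfo claims into the ID Token claims without checking that the two `sub` values agree, yet OpenID Connect Core 1.0 §5.3.2 requires the client to verify that the UserInfo `sub` matches the ID Token `sub` and to discard the UserInfo response otherwise. The merge order is outside the hunk, so I cannot tell whether a mismatched UserInfo `sub` could overwrite the authenticated subject in the resulting map. Either add `Assert.isTrue(idToken.getSubject().equals(userInfo.getSubject()), "userInfo subject must match idToken subject");` inside the `if (userInfo != null)` branch, or document on collectClaims where that check is performed.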
|
||||
|
@ -16,10 +16,9 @@
|
||||
package org.springframework.security.oauth2.core.oidc.user;
|
||||
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
|
||||
import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
|
||||
import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
|
||||
import org.springframework.security.oauth2.core.oidc.IdToken;
|
||||
import org.springframework.security.oauth2.core.oidc.UserInfo;
|
||||
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
|
||||
|
||||
/**
|
||||
* A {@link GrantedAuthority} that is associated with an {@link OidcUser}.
|
||||
@ -29,28 +28,28 @@ import org.springframework.security.oauth2.core.oidc.UserInfo;
|
||||
* @see OidcUser
|
||||
*/
|
||||
public class OidcUserAuthority extends OAuth2UserAuthority {
|
||||
private final IdToken idToken;
|
||||
private final UserInfo userInfo;
|
||||
private final OidcIdToken idToken;
|
||||
private final OidcUserInfo userInfo;
|
||||
|
||||
public OidcUserAuthority(IdToken idToken) {
|
||||
public OidcUserAuthority(OidcIdToken idToken) {
|
||||
this(idToken, null);
|
||||
}
|
||||
|
||||
public OidcUserAuthority(IdToken idToken, UserInfo userInfo) {
|
||||
public OidcUserAuthority(OidcIdToken idToken, OidcUserInfo userInfo) {
|
||||
this("ROLE_USER", idToken, userInfo);
|
||||
}
|
||||
|
||||
public OidcUserAuthority(String authority, IdToken idToken, UserInfo userInfo) {
|
||||
public OidcUserAuthority(String authority, OidcIdToken idToken, OidcUserInfo userInfo) {
|
||||
super(authority, OidcUser.collectClaims(idToken, userInfo));
|
||||
this.idToken = idToken;
|
||||
this.userInfo = userInfo;
|
||||
}
|
||||
|
||||
public IdToken getIdToken() {
|
||||
public OidcIdToken getIdToken() {
|
||||
return this.idToken;
|
||||
}
|
||||
|
||||
public UserInfo getUserInfo() {
|
||||
public OidcUserInfo getUserInfo() {
|
||||
return this.userInfo;
|
||||
}
|
||||
|
||||
|
@ -16,16 +16,16 @@
|
||||
package org.springframework.security.oauth2.core.endpoint;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.springframework.security.oauth2.core.AccessToken;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
|
||||
import java.util.Collections;
|
||||
|
||||
/**
|
||||
* Tests {@link TokenResponse}
|
||||
* Tests {@link OAuth2AccessTokenResponse}
|
||||
*
|
||||
* @author Luander Ribeiro
|
||||
*/
|
||||
public class TokenResponseTest {
|
||||
public class OAuth2AccessTokenResponseTests {
|
||||
|
||||
private static final String TOKEN = "token";
|
||||
private static final long INVALID_EXPIRES_IN = -1L;
|
||||
@ -33,27 +33,27 @@ public class TokenResponseTest {
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void buildWhenTokenValueIsNullThenThrowIllegalArgumentException() {
|
||||
TokenResponse.withToken(null)
|
||||
OAuth2AccessTokenResponse.withToken(null)
|
||||
.expiresIn(EXPIRES_IN)
|
||||
.additionalParameters(Collections.emptyMap())
|
||||
.scopes(Collections.emptySet())
|
||||
.tokenType(AccessToken.TokenType.BEARER)
|
||||
.tokenType(OAuth2AccessToken.TokenType.BEARER)
|
||||
.build();
|
||||
}
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void buildWhenExpiresInIsNegativeThenThrowIllegalArgumentException() {
|
||||
TokenResponse.withToken(TOKEN)
|
||||
OAuth2AccessTokenResponse.withToken(TOKEN)
|
||||
.expiresIn(INVALID_EXPIRES_IN)
|
||||
.additionalParameters(Collections.emptyMap())
|
||||
.scopes(Collections.emptySet())
|
||||
.tokenType(AccessToken.TokenType.BEARER)
|
||||
.tokenType(OAuth2AccessToken.TokenType.BEARER)
|
||||
.build();
|
||||
}
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void buildWhenTokenTypeIsInvalidThenThrowIllegalArgumentException() {
|
||||
TokenResponse.withToken(TOKEN)
|
||||
OAuth2AccessTokenResponse.withToken(TOKEN)
|
||||
.expiresIn(EXPIRES_IN)
|
||||
.additionalParameters(Collections.emptyMap())
|
||||
.tokenType(null)
|
||||
@ -62,7 +62,7 @@ public class TokenResponseTest {
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void buildWhenTokenTypeNotSetThenThrowIllegalArgumentException() {
|
||||
TokenResponse.withToken(TOKEN)
|
||||
OAuth2AccessTokenResponse.withToken(TOKEN)
|
||||
.expiresIn(EXPIRES_IN)
|
||||
.additionalParameters(Collections.emptyMap())
|
||||
.build();
|
@ -24,11 +24,11 @@ import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.assertThatCode;
|
||||
|
||||
/**
|
||||
* Tests {@link AuthorizationRequest}
|
||||
* Tests {@link OAuth2AuthorizationRequest}
|
||||
*
|
||||
* @author Luander Ribeiro
|
||||
*/
|
||||
public class AuthorizationRequestTest {
|
||||
public class OAuth2AuthorizationRequestTests {
|
||||
private static final String AUTHORIZE_URI = "http://authorize.uri/";
|
||||
private static final String CLIENT_ID = "client id";
|
||||
private static final String REDIRECT_URI = "http://redirect.uri/";
|
||||
@ -37,7 +37,7 @@ public class AuthorizationRequestTest {
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void buildWhenAuthorizationUriIsNullThenThrowIllegalArgumentException() {
|
||||
AuthorizationRequest.authorizationCode()
|
||||
OAuth2AuthorizationRequest.authorizationCode()
|
||||
.authorizationUri(null)
|
||||
.clientId(CLIENT_ID)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
@ -48,7 +48,7 @@ public class AuthorizationRequestTest {
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void buildWhenAuthorizeUriNotSetThenThrowIllegalArgumentException() {
|
||||
AuthorizationRequest.authorizationCode()
|
||||
OAuth2AuthorizationRequest.authorizationCode()
|
||||
.clientId(CLIENT_ID)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
.scopes(SCOPE)
|
||||
@ -58,7 +58,7 @@ public class AuthorizationRequestTest {
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void buildWhenClientIdIsNullThenThrowIllegalArgumentException() {
|
||||
AuthorizationRequest.authorizationCode()
|
||||
OAuth2AuthorizationRequest.authorizationCode()
|
||||
.authorizationUri(AUTHORIZE_URI)
|
||||
.clientId(null)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
@ -69,7 +69,7 @@ public class AuthorizationRequestTest {
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void buildWhenClientIdNotSetThenThrowIllegalArgumentException() {
|
||||
AuthorizationRequest.authorizationCode()
|
||||
OAuth2AuthorizationRequest.authorizationCode()
|
||||
.authorizationUri(AUTHORIZE_URI)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
.scopes(SCOPE)
|
||||
@ -79,8 +79,8 @@ public class AuthorizationRequestTest {
|
||||
|
||||
@Test
|
||||
public void buildWhenGetResponseTypeIsCalledThenReturnCode() {
|
||||
AuthorizationRequest authorizationRequest;
|
||||
authorizationRequest = AuthorizationRequest.authorizationCode()
|
||||
OAuth2AuthorizationRequest authorizationRequest;
|
||||
authorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
|
||||
.authorizationUri(AUTHORIZE_URI)
|
||||
.clientId(CLIENT_ID)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
@ -88,12 +88,12 @@ public class AuthorizationRequestTest {
|
||||
.state(STATE)
|
||||
.build();
|
||||
|
||||
assertThat(authorizationRequest.getResponseType()).isEqualTo(ResponseType.CODE);
|
||||
assertThat(authorizationRequest.getResponseType()).isEqualTo(OAuth2AuthorizationResponseType.CODE);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void buildWhenRedirectUriIsNullThenDoesNotThrowAnyException() {
|
||||
assertThatCode(() -> AuthorizationRequest.authorizationCode()
|
||||
assertThatCode(() -> OAuth2AuthorizationRequest.authorizationCode()
|
||||
.authorizationUri(AUTHORIZE_URI)
|
||||
.clientId(CLIENT_ID)
|
||||
.redirectUri(null)
|
||||
@ -104,7 +104,7 @@ public class AuthorizationRequestTest {
|
||||
|
||||
@Test
|
||||
public void buildWhenRedirectUriNotSetThenDoesNotThrowAnyException() {
|
||||
assertThatCode(() -> AuthorizationRequest.authorizationCode()
|
||||
assertThatCode(() -> OAuth2AuthorizationRequest.authorizationCode()
|
||||
.authorizationUri(AUTHORIZE_URI)
|
||||
.clientId(CLIENT_ID)
|
||||
.scopes(SCOPE)
|
||||
@ -114,7 +114,7 @@ public class AuthorizationRequestTest {
|
||||
|
||||
@Test
|
||||
public void buildWhenScopesIsNullThenDoesNotThrowAnyException() {
|
||||
assertThatCode(() -> AuthorizationRequest.authorizationCode()
|
||||
assertThatCode(() -> OAuth2AuthorizationRequest.authorizationCode()
|
||||
.authorizationUri(AUTHORIZE_URI)
|
||||
.clientId(CLIENT_ID)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
@ -125,7 +125,7 @@ public class AuthorizationRequestTest {
|
||||
|
||||
@Test
|
||||
public void buildWhenScopesNotSetThenDoesNotThrowAnyException() {
|
||||
assertThatCode(() -> AuthorizationRequest.authorizationCode()
|
||||
assertThatCode(() -> OAuth2AuthorizationRequest.authorizationCode()
|
||||
.authorizationUri(AUTHORIZE_URI)
|
||||
.clientId(CLIENT_ID)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
@ -135,7 +135,7 @@ public class AuthorizationRequestTest {
|
||||
|
||||
@Test
|
||||
public void buildWhenStateIsNullThenDoesNotThrowAnyException() {
|
||||
assertThatCode(() -> AuthorizationRequest.authorizationCode()
|
||||
assertThatCode(() -> OAuth2AuthorizationRequest.authorizationCode()
|
||||
.authorizationUri(AUTHORIZE_URI)
|
||||
.clientId(CLIENT_ID)
|
||||
.redirectUri(REDIRECT_URI)
|
||||
@ -146,7 +146,7 @@ public class AuthorizationRequestTest {
|
||||
|
||||
@Test
|
||||
public void buildWhenStateNotSetThenDoesNotThrowAnyException() {
|
||||
assertThatCode(() -> AuthorizationRequest.authorizationCode()
|
||||
assertThatCode(() -> OAuth2AuthorizationRequest.authorizationCode()
|
||||
.authorizationUri(AUTHORIZE_URI)
|
||||
.clientId(CLIENT_ID)
|
||||
.redirectUri(REDIRECT_URI)
|
@ -27,10 +27,10 @@ import org.junit.Test;
|
||||
import org.junit.rules.ExpectedException;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.oauth2.core.oidc.IdToken;
|
||||
import org.springframework.security.oauth2.core.oidc.IdTokenClaim;
|
||||
import org.springframework.security.oauth2.core.oidc.StandardClaim;
|
||||
import org.springframework.security.oauth2.core.oidc.UserInfo;
|
||||
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
|
||||
import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
|
||||
import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
|
||||
import org.springframework.security.oauth2.core.oidc.StandardClaimNames;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
|
||||
@ -52,13 +52,13 @@ public class DefaultOidcUserTests {
|
||||
private static final Map<String, Object> TEST_ID_TOKEN_CLAIMS = new HashMap<>();
|
||||
|
||||
static {
|
||||
TEST_ID_TOKEN_CLAIMS.put(IdTokenClaim.ISS, "https://example.com");
|
||||
TEST_ID_TOKEN_CLAIMS.put(IdTokenClaim.SUB, TEST_SUBJECT);
|
||||
TEST_ID_TOKEN_CLAIMS.put(IdTokenClaimNames.ISS, "https://example.com");
|
||||
TEST_ID_TOKEN_CLAIMS.put(IdTokenClaimNames.SUB, TEST_SUBJECT);
|
||||
}
|
||||
|
||||
private static final IdToken TEST_ID_TOKEN = new IdToken("value", Instant.EPOCH, Instant.MAX, TEST_ID_TOKEN_CLAIMS);
|
||||
private static final OidcIdToken TEST_ID_TOKEN = new OidcIdToken("value", Instant.EPOCH, Instant.MAX, TEST_ID_TOKEN_CLAIMS);
|
||||
|
||||
private static final UserInfo TEST_USER_INFO = new UserInfo(Collections.singletonMap(StandardClaim.EMAIL, TEST_EMAIL));
|
||||
private static final OidcUserInfo TEST_USER_INFO = new OidcUserInfo(Collections.singletonMap(StandardClaimNames.EMAIL, TEST_EMAIL));
|
||||
|
||||
@Rule
|
||||
public ExpectedException thrown = ExpectedException.none();
|
||||
@ -70,17 +70,17 @@ public class DefaultOidcUserTests {
|
||||
assertThat(user.getName()).isEqualTo(TEST_SUBJECT);
|
||||
assertThat(user.getAuthorities()).hasSize(1);
|
||||
assertThat(user.getAuthorities().iterator().next()).isEqualTo(TEST_AUTHORITY);
|
||||
assertThat(user.getAttributes()).containsOnlyKeys(IdTokenClaim.ISS, IdTokenClaim.SUB);
|
||||
assertThat(user.getAttributes()).containsOnlyKeys(IdTokenClaimNames.ISS, IdTokenClaimNames.SUB);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void constructorWhenAuthoritiesAndIdTokenAndNameAttributeKeyThenIsCreated() {
|
||||
DefaultOidcUser user = new DefaultOidcUser(TEST_AUTHORITIES, TEST_ID_TOKEN, IdTokenClaim.SUB);
|
||||
DefaultOidcUser user = new DefaultOidcUser(TEST_AUTHORITIES, TEST_ID_TOKEN, IdTokenClaimNames.SUB);
|
||||
|
||||
assertThat(user.getName()).isEqualTo(TEST_SUBJECT);
|
||||
assertThat(user.getAuthorities()).hasSize(1);
|
||||
assertThat(user.getAuthorities().iterator().next()).isEqualTo(TEST_AUTHORITY);
|
||||
assertThat(user.getAttributes()).containsOnlyKeys(IdTokenClaim.ISS, IdTokenClaim.SUB);
|
||||
assertThat(user.getAttributes()).containsOnlyKeys(IdTokenClaimNames.ISS, IdTokenClaimNames.SUB);
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -90,17 +90,17 @@ public class DefaultOidcUserTests {
|
||||
assertThat(user.getName()).isEqualTo(TEST_SUBJECT);
|
||||
assertThat(user.getAuthorities()).hasSize(1);
|
||||
assertThat(user.getAuthorities().iterator().next()).isEqualTo(TEST_AUTHORITY);
|
||||
assertThat(user.getAttributes()).containsOnlyKeys(IdTokenClaim.ISS, IdTokenClaim.SUB, StandardClaim.EMAIL);
|
||||
assertThat(user.getAttributes()).containsOnlyKeys(IdTokenClaimNames.ISS, IdTokenClaimNames.SUB, StandardClaimNames.EMAIL);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void constructorWhenAuthoritiesAndIdTokenAndUserInfoAndNameAttributeKeyThenIsCreated() {
|
||||
DefaultOidcUser user = new DefaultOidcUser(TEST_AUTHORITIES, TEST_ID_TOKEN, TEST_USER_INFO, StandardClaim.EMAIL);
|
||||
DefaultOidcUser user = new DefaultOidcUser(TEST_AUTHORITIES, TEST_ID_TOKEN, TEST_USER_INFO, StandardClaimNames.EMAIL);
|
||||
|
||||
assertThat(user.getName()).isEqualTo(TEST_EMAIL);
|
||||
assertThat(user.getAuthorities()).hasSize(1);
|
||||
assertThat(user.getAuthorities().iterator().next()).isEqualTo(TEST_AUTHORITY);
|
||||
assertThat(user.getAttributes()).containsOnlyKeys(IdTokenClaim.ISS, IdTokenClaim.SUB, StandardClaim.EMAIL);
|
||||
assertThat(user.getAttributes()).containsOnlyKeys(IdTokenClaimNames.ISS, IdTokenClaimNames.SUB, StandardClaimNames.EMAIL);
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -114,9 +114,9 @@ public class DefaultOidcUserTests {
|
||||
@Test
|
||||
public void constructorWhenNameAttributeKeyClaimIsNotPresentThenThrowsException() {
|
||||
this.thrown.expect(IllegalArgumentException.class);
|
||||
this.thrown.expectMessage("Missing attribute '" + StandardClaim.NAME + "' in attributes");
|
||||
this.thrown.expectMessage("Missing attribute '" + StandardClaimNames.NAME + "' in attributes");
|
||||
|
||||
new DefaultOidcUser(TEST_AUTHORITIES, TEST_ID_TOKEN, TEST_USER_INFO, StandardClaim.NAME);
|
||||
new DefaultOidcUser(TEST_AUTHORITIES, TEST_ID_TOKEN, TEST_USER_INFO, StandardClaimNames.NAME);
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -43,10 +43,10 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter;
|
||||
import org.springframework.security.oauth2.client.web.AuthorizationRequestRedirectFilter;
|
||||
import org.springframework.security.oauth2.core.AccessToken;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2Parameter;
|
||||
import org.springframework.security.oauth2.core.endpoint.ResponseType;
|
||||
import org.springframework.security.oauth2.core.endpoint.TokenResponse;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
|
||||
import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
|
||||
import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
|
||||
import org.springframework.test.context.junit4.SpringRunner;
|
||||
@ -136,13 +136,13 @@ public class OAuth2LoginApplicationTests {
|
||||
|
||||
Map<String, String> params = uriComponents.getQueryParams().toSingleValueMap();
|
||||
|
||||
assertThat(params.get(OAuth2Parameter.RESPONSE_TYPE)).isEqualTo(ResponseType.CODE.getValue());
|
||||
assertThat(params.get(OAuth2Parameter.CLIENT_ID)).isEqualTo(this.githubClientRegistration.getClientId());
|
||||
assertThat(params.get(OAuth2ParameterNames.RESPONSE_TYPE)).isEqualTo(OAuth2AuthorizationResponseType.CODE.getValue());
|
||||
assertThat(params.get(OAuth2ParameterNames.CLIENT_ID)).isEqualTo(this.githubClientRegistration.getClientId());
|
||||
String redirectUri = AUTHORIZE_BASE_URL + "/" + this.githubClientRegistration.getRegistrationId();
|
||||
assertThat(URLDecoder.decode(params.get(OAuth2Parameter.REDIRECT_URI), "UTF-8")).isEqualTo(redirectUri);
|
||||
assertThat(URLDecoder.decode(params.get(OAuth2Parameter.SCOPE), "UTF-8"))
|
||||
assertThat(URLDecoder.decode(params.get(OAuth2ParameterNames.REDIRECT_URI), "UTF-8")).isEqualTo(redirectUri);
|
||||
assertThat(URLDecoder.decode(params.get(OAuth2ParameterNames.SCOPE), "UTF-8"))
|
||||
.isEqualTo(this.githubClientRegistration.getScopes().stream().collect(Collectors.joining(" ")));
|
||||
assertThat(params.get(OAuth2Parameter.STATE)).isNotNull();
|
||||
assertThat(params.get(OAuth2ParameterNames.STATE)).isNotNull();
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -177,13 +177,13 @@ public class OAuth2LoginApplicationTests {
|
||||
|
||||
Map<String, String> params = authorizeRequestUriComponents.getQueryParams().toSingleValueMap();
|
||||
String code = "auth-code";
|
||||
String state = URLDecoder.decode(params.get(OAuth2Parameter.STATE), "UTF-8");
|
||||
String redirectUri = URLDecoder.decode(params.get(OAuth2Parameter.REDIRECT_URI), "UTF-8");
|
||||
String state = URLDecoder.decode(params.get(OAuth2ParameterNames.STATE), "UTF-8");
|
||||
String redirectUri = URLDecoder.decode(params.get(OAuth2ParameterNames.REDIRECT_URI), "UTF-8");
|
||||
|
||||
String authorizationResponseUri =
|
||||
UriComponentsBuilder.fromHttpUrl(redirectUri)
|
||||
.queryParam(OAuth2Parameter.CODE, code)
|
||||
.queryParam(OAuth2Parameter.STATE, state)
|
||||
.queryParam(OAuth2ParameterNames.CODE, code)
|
||||
.queryParam(OAuth2ParameterNames.STATE, state)
|
||||
.build().encode().toUriString();
|
||||
|
||||
page = this.webClient.getPage(new URL(authorizationResponseUri));
|
||||
@ -202,8 +202,8 @@ public class OAuth2LoginApplicationTests {
|
||||
|
||||
String authorizationResponseUri =
|
||||
UriComponentsBuilder.fromHttpUrl(redirectUri)
|
||||
.queryParam(OAuth2Parameter.CODE, code)
|
||||
.queryParam(OAuth2Parameter.STATE, state)
|
||||
.queryParam(OAuth2ParameterNames.CODE, code)
|
||||
.queryParam(OAuth2ParameterNames.STATE, state)
|
||||
.build().encode().toUriString();
|
||||
|
||||
// Clear session cookie will ensure the 'session-saved'
|
||||
@ -234,8 +234,8 @@ public class OAuth2LoginApplicationTests {
|
||||
|
||||
String authorizationResponseUri =
|
||||
UriComponentsBuilder.fromHttpUrl(redirectUri)
|
||||
.queryParam(OAuth2Parameter.CODE, code)
|
||||
.queryParam(OAuth2Parameter.STATE, state)
|
||||
.queryParam(OAuth2ParameterNames.CODE, code)
|
||||
.queryParam(OAuth2ParameterNames.STATE, state)
|
||||
.build().encode().toUriString();
|
||||
|
||||
page = this.webClient.getPage(new URL(authorizationResponseUri));
|
||||
@ -262,14 +262,14 @@ public class OAuth2LoginApplicationTests {
|
||||
|
||||
Map<String, String> params = authorizeRequestUriComponents.getQueryParams().toSingleValueMap();
|
||||
String code = "auth-code";
|
||||
String state = URLDecoder.decode(params.get(OAuth2Parameter.STATE), "UTF-8");
|
||||
String redirectUri = URLDecoder.decode(params.get(OAuth2Parameter.REDIRECT_URI), "UTF-8");
|
||||
String state = URLDecoder.decode(params.get(OAuth2ParameterNames.STATE), "UTF-8");
|
||||
String redirectUri = URLDecoder.decode(params.get(OAuth2ParameterNames.REDIRECT_URI), "UTF-8");
|
||||
redirectUri += "-invalid";
|
||||
|
||||
String authorizationResponseUri =
|
||||
UriComponentsBuilder.fromHttpUrl(redirectUri)
|
||||
.queryParam(OAuth2Parameter.CODE, code)
|
||||
.queryParam(OAuth2Parameter.STATE, state)
|
||||
.queryParam(OAuth2ParameterNames.CODE, code)
|
||||
.queryParam(OAuth2ParameterNames.STATE, state)
|
||||
.build().encode().toUriString();
|
||||
|
||||
page = this.webClient.getPage(new URL(authorizationResponseUri));
|
||||
@ -355,13 +355,13 @@ public class OAuth2LoginApplicationTests {
|
||||
// @formatter:on
|
||||
|
||||
private AuthorizationGrantTokenExchanger<AuthorizationCodeAuthenticationToken> mockAuthorizationCodeTokenExchanger() {
|
||||
TokenResponse tokenResponse = TokenResponse.withToken("access-token-1234")
|
||||
.tokenType(AccessToken.TokenType.BEARER)
|
||||
OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234")
|
||||
.tokenType(OAuth2AccessToken.TokenType.BEARER)
|
||||
.expiresIn(60 * 1000)
|
||||
.build();
|
||||
|
||||
AuthorizationGrantTokenExchanger mock = mock(AuthorizationGrantTokenExchanger.class);
|
||||
when(mock.exchange(any())).thenReturn(tokenResponse);
|
||||
when(mock.exchange(any())).thenReturn(accessTokenResponse);
|
||||
return mock;
|
||||
}
|
||||
|
||||
|