diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java index 38c4eeb540..4cf7de9c29 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java @@ -42,7 +42,7 @@ import org.springframework.security.oauth2.client.userinfo.OAuth2UserService; import org.springframework.security.oauth2.client.web.AuthorizationRequestRedirectFilter; import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository; import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter; -import org.springframework.security.oauth2.core.AccessToken; +import org.springframework.security.oauth2.core.OAuth2AccessToken; import org.springframework.security.oauth2.core.oidc.user.OidcUser; import org.springframework.security.oauth2.core.user.OAuth2User; import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter; @@ -134,7 +134,7 @@ public final class OAuth2LoginConfigurer> exten public class TokenEndpointConfig { private AuthorizationGrantTokenExchanger authorizationCodeTokenExchanger; - private OAuth2TokenRepository accessTokenRepository; + private OAuth2TokenRepository accessTokenRepository; private JwtDecoderRegistry jwtDecoderRegistry; private TokenEndpointConfig() { 
@@ -148,7 +148,7 @@ public final class OAuth2LoginConfigurer> exten return this; } - public TokenEndpointConfig accessTokenRepository(OAuth2TokenRepository accessTokenRepository) { + public TokenEndpointConfig accessTokenRepository(OAuth2TokenRepository accessTokenRepository) { Assert.notNull(accessTokenRepository, "accessTokenRepository cannot be null"); this.accessTokenRepository = accessTokenRepository; return this; diff --git a/config/src/main/java/org/springframework/security/config/oauth2/client/CommonOAuth2Provider.java b/config/src/main/java/org/springframework/security/config/oauth2/client/CommonOAuth2Provider.java index 30d773aebd..b1d7e59f26 100644 --- a/config/src/main/java/org/springframework/security/config/oauth2/client/CommonOAuth2Provider.java +++ b/config/src/main/java/org/springframework/security/config/oauth2/client/CommonOAuth2Provider.java @@ -19,7 +19,7 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio import org.springframework.security.oauth2.client.registration.ClientRegistration.Builder; import org.springframework.security.oauth2.core.AuthorizationGrantType; import org.springframework.security.oauth2.core.ClientAuthenticationMethod; -import org.springframework.security.oauth2.core.oidc.IdTokenClaim; +import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames; /** * Common OAuth2 Providers that can be used to create @@ -42,7 +42,7 @@ public enum CommonOAuth2Provider { builder.tokenUri("https://www.googleapis.com/oauth2/v4/token"); builder.jwkSetUri("https://www.googleapis.com/oauth2/v3/certs"); builder.userInfoUri("https://www.googleapis.com/oauth2/v3/userinfo"); - builder.userNameAttributeName(IdTokenClaim.SUB); + builder.userNameAttributeName(IdTokenClaimNames.SUB); builder.clientName("Google"); return builder; } 
@@ -87,7 +87,7 @@ public enum CommonOAuth2Provider { ClientRegistration.Builder builder = getBuilder(registrationId, ClientAuthenticationMethod.BASIC, DEFAULT_LOGIN_REDIRECT_URL); builder.scope("openid", "profile", "email", "address", "phone"); - builder.userNameAttributeName(IdTokenClaim.SUB); + builder.userNameAttributeName(IdTokenClaimNames.SUB); builder.clientName("Okta"); return builder; } diff --git a/config/src/test/java/org/springframework/security/config/oauth2/client/CommonOAuth2ProviderTests.java b/config/src/test/java/org/springframework/security/config/oauth2/client/CommonOAuth2ProviderTests.java index 041450c150..f868928f3b 100644 --- a/config/src/test/java/org/springframework/security/config/oauth2/client/CommonOAuth2ProviderTests.java +++ b/config/src/test/java/org/springframework/security/config/oauth2/client/CommonOAuth2ProviderTests.java @@ -20,7 +20,7 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio import org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails; import org.springframework.security.oauth2.core.AuthorizationGrantType; import org.springframework.security.oauth2.core.ClientAuthenticationMethod; -import org.springframework.security.oauth2.core.oidc.IdTokenClaim; +import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames; import static org.assertj.core.api.Assertions.assertThat; @@ -44,7 +44,7 @@ public class CommonOAuth2ProviderTests { assertThat(providerDetails.getUserInfoEndpoint().getUri()) .isEqualTo("https://www.googleapis.com/oauth2/v3/userinfo"); assertThat(providerDetails.getUserInfoEndpoint().getUserNameAttributeName()) - .isEqualTo(IdTokenClaim.SUB); + .isEqualTo(IdTokenClaimNames.SUB); assertThat(providerDetails.getJwkSetUri()) .isEqualTo("https://www.googleapis.com/oauth2/v3/certs"); assertThat(registration.getClientAuthenticationMethod()) 
@@ -117,7 +117,7 @@ public class CommonOAuth2ProviderTests { assertThat(providerDetails.getTokenUri()).isEqualTo("http://example.com/token"); assertThat(providerDetails.getUserInfoEndpoint().getUri()).isEqualTo("http://example.com/info"); assertThat(providerDetails.getUserInfoEndpoint().getUserNameAttributeName()) - .isEqualTo(IdTokenClaim.SUB); + .isEqualTo(IdTokenClaimNames.SUB); assertThat(providerDetails.getJwkSetUri()).isEqualTo("http://example.com/jwkset"); assertThat(registration.getClientAuthenticationMethod()) .isEqualTo(ClientAuthenticationMethod.BASIC); diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClient.java index 05edf0fc3f..326fbfea0d 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClient.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClient.java @@ -16,7 +16,7 @@ package org.springframework.security.oauth2.client; import org.springframework.security.oauth2.client.registration.ClientRegistration; -import org.springframework.security.oauth2.core.AccessToken; +import org.springframework.security.oauth2.core.OAuth2AccessToken; import org.springframework.util.Assert; /** 
@@ -32,15 +32,15 @@ import org.springframework.util.Assert; * @author Joe Grandja * @since 5.0 * @see ClientRegistration - * @see AccessToken + * @see OAuth2AccessToken * @see Section 5.1 Access Token Response */ public class OAuth2AuthorizedClient { private final ClientRegistration clientRegistration; private final String principalName; - private final AccessToken accessToken; + private final OAuth2AccessToken accessToken; - public OAuth2AuthorizedClient(ClientRegistration clientRegistration, String principalName, AccessToken accessToken) { + public OAuth2AuthorizedClient(ClientRegistration clientRegistration, String principalName, OAuth2AccessToken accessToken) { Assert.notNull(clientRegistration, "clientRegistration cannot be null"); Assert.hasText(principalName, "principalName cannot be empty"); Assert.notNull(accessToken, "accessToken cannot be null"); @@ -57,7 +57,7 @@ public class OAuth2AuthorizedClient { return this.principalName; } - public AccessToken getAccessToken() { + public OAuth2AccessToken getAccessToken() { return this.accessToken; } } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationToken.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationToken.java index 68083c1748..2911afe5a1 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationToken.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationToken.java 
@@ -17,9 +17,9 @@ package org.springframework.security.oauth2.client.authentication; import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.core.AuthorizationGrantType; -import org.springframework.security.oauth2.core.endpoint.AuthorizationExchange; -import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest; -import org.springframework.security.oauth2.core.endpoint.AuthorizationResponse; +import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange; +import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; +import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse; import org.springframework.util.Assert; /** @@ -30,16 +30,16 @@ import org.springframework.util.Assert; * @since 5.0 * @see AuthorizationGrantAuthenticationToken * @see ClientRegistration - * @see AuthorizationRequest - * @see AuthorizationResponse + * @see OAuth2AuthorizationRequest + * @see OAuth2AuthorizationResponse * @see Section 1.3.1 Authorization Code Grant */ public class AuthorizationCodeAuthenticationToken extends AuthorizationGrantAuthenticationToken { private final ClientRegistration clientRegistration; - private final AuthorizationExchange authorizationExchange; + private final OAuth2AuthorizationExchange authorizationExchange; public AuthorizationCodeAuthenticationToken(ClientRegistration clientRegistration, - AuthorizationExchange authorizationExchange) { + OAuth2AuthorizationExchange authorizationExchange) { super(AuthorizationGrantType.AUTHORIZATION_CODE); Assert.notNull(clientRegistration, "clientRegistration cannot be null"); @@ -63,7 +63,7 @@ public class AuthorizationCodeAuthenticationToken extends AuthorizationGrantAuth return this.clientRegistration; } - public AuthorizationExchange getAuthorizationExchange() { + public OAuth2AuthorizationExchange getAuthorizationExchange() { return this.authorizationExchange; } } 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationGrantTokenExchanger.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationGrantTokenExchanger.java index f9e4143e65..ad52c35216 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationGrantTokenExchanger.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationGrantTokenExchanger.java @@ -18,7 +18,7 @@ package org.springframework.security.oauth2.client.authentication; import org.springframework.security.oauth2.core.AuthorizationGrantType; import org.springframework.security.oauth2.core.OAuth2AuthenticationException; -import org.springframework.security.oauth2.core.endpoint.TokenResponse; +import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse; /** * Implementations of this interface are responsible for "exchanging" @@ -29,13 +29,13 @@ import org.springframework.security.oauth2.core.endpoint.TokenResponse; * @since 5.0 * @see AuthorizationGrantType * @see AuthorizationGrantAuthenticationToken - * @see TokenResponse + * @see OAuth2AccessTokenResponse * @see Section 1.3 Authorization Grant * @see Section 4.1.3 Access Token Request (Authorization Code Grant) * @see Section 4.1.4 Access Token Response (Authorization Code Grant) */ public interface AuthorizationGrantTokenExchanger { - TokenResponse exchange(T authorizationGrantAuthentication) throws OAuth2AuthenticationException; + OAuth2AccessTokenResponse exchange(T authorizationGrantAuthentication) throws OAuth2AuthenticationException; } 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/NimbusAuthorizationCodeTokenExchanger.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/NimbusAuthorizationCodeTokenExchanger.java index 1751c5dff4..5565b1e089 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/NimbusAuthorizationCodeTokenExchanger.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/NimbusAuthorizationCodeTokenExchanger.java @@ -33,11 +33,11 @@ import com.nimbusds.oauth2.sdk.id.ClientID; import org.springframework.http.MediaType; import org.springframework.security.authentication.AuthenticationServiceException; import org.springframework.security.oauth2.client.registration.ClientRegistration; -import org.springframework.security.oauth2.core.AccessToken; +import org.springframework.security.oauth2.core.OAuth2AccessToken; import org.springframework.security.oauth2.core.ClientAuthenticationMethod; import org.springframework.security.oauth2.core.OAuth2AuthenticationException; import org.springframework.security.oauth2.core.OAuth2Error; -import org.springframework.security.oauth2.core.endpoint.TokenResponse; +import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse; import org.springframework.util.CollectionUtils; import java.io.IOException; @@ -59,7 +59,7 @@ import java.util.Set; * @since 5.0 * @see AuthorizationGrantTokenExchanger * @see AuthorizationCodeAuthenticationToken - * @see TokenResponse + * @see OAuth2AccessTokenResponse * @see Nimbus OAuth 2.0 SDK * @see Section 4.1.3 Access Token Request (Authorization Code Grant) * @see Section 4.1.4 Access Token Response (Authorization Code Grant) 
@@ -68,7 +68,7 @@ public class NimbusAuthorizationCodeTokenExchanger implements AuthorizationGrant private static final String INVALID_TOKEN_RESPONSE_ERROR_CODE = "invalid_token_response"; @Override - public TokenResponse exchange(AuthorizationCodeAuthenticationToken authorizationCodeAuthentication) + public OAuth2AccessTokenResponse exchange(AuthorizationCodeAuthenticationToken authorizationCodeAuthentication) throws OAuth2AuthenticationException { ClientRegistration clientRegistration = authorizationCodeAuthentication.getClientRegistration(); @@ -117,9 +117,9 @@ public class NimbusAuthorizationCodeTokenExchanger implements AuthorizationGrant AccessTokenResponse accessTokenResponse = (AccessTokenResponse) tokenResponse; String accessToken = accessTokenResponse.getTokens().getAccessToken().getValue(); - AccessToken.TokenType accessTokenType = null; - if (AccessToken.TokenType.BEARER.getValue().equalsIgnoreCase(accessTokenResponse.getTokens().getAccessToken().getType().getValue())) { - accessTokenType = AccessToken.TokenType.BEARER; + OAuth2AccessToken.TokenType accessTokenType = null; + if (OAuth2AccessToken.TokenType.BEARER.getValue().equalsIgnoreCase(accessTokenResponse.getTokens().getAccessToken().getType().getValue())) { + accessTokenType = OAuth2AccessToken.TokenType.BEARER; } long expiresIn = accessTokenResponse.getTokens().getAccessToken().getLifetime(); @@ -138,7 +138,7 @@ public class NimbusAuthorizationCodeTokenExchanger implements AuthorizationGrant Map additionalParameters = new LinkedHashMap<>(accessTokenResponse.getCustomParameters()); - return TokenResponse.withToken(accessToken) + return OAuth2AccessTokenResponse.withToken(accessToken) .tokenType(accessTokenType) .expiresIn(expiresIn) .scopes(scopes) 
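Review bot: In the `-117,9` hunk of NimbusAuthorizationCodeTokenExchanger, `accessTokenType` stays `null` whenever the token endpoint reports a type other than Bearer, and that null is then passed to `.tokenType(accessTokenType)` in the following hunk. Whether the builder rejects null is not visible here, so at best the failure surfaces later and probably not as an authentication error. A guard right after the comparison would keep an unexpected token type on the same failure path as other invalid token responses: `if (accessTokenType == null) { OAuth2Error err = new OAuth2Error(INVALID_TOKEN_RESPONSE_ERROR_CODE, "Unsupported token_type in Access Token response", null); throw new OAuth2AuthenticationException(err, err.toString()); }`. The body of `exchange()` starts and ends outside these hunks.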
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java index 93df723ee6..ba3db09450 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java @@ -22,12 +22,12 @@ import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper; import org.springframework.security.oauth2.client.OAuth2AuthorizedClient; import org.springframework.security.oauth2.client.userinfo.OAuth2UserService; -import org.springframework.security.oauth2.core.AccessToken; +import org.springframework.security.oauth2.core.OAuth2AccessToken; import org.springframework.security.oauth2.core.OAuth2AuthenticationException; import org.springframework.security.oauth2.core.OAuth2Error; -import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest; -import org.springframework.security.oauth2.core.endpoint.AuthorizationResponse; -import org.springframework.security.oauth2.core.endpoint.TokenResponse; +import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; +import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse; +import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse; import org.springframework.security.oauth2.core.user.OAuth2User; import org.springframework.util.Assert; 
@@ -88,9 +88,9 @@ public class OAuth2LoginAuthenticationProvider implements AuthenticationProvider return null; } - AuthorizationRequest authorizationRequest = authorizationCodeAuthentication + OAuth2AuthorizationRequest authorizationRequest = authorizationCodeAuthentication .getAuthorizationExchange().getAuthorizationRequest(); - AuthorizationResponse authorizationResponse = authorizationCodeAuthentication + OAuth2AuthorizationResponse authorizationResponse = authorizationCodeAuthentication .getAuthorizationExchange().getAuthorizationResponse(); if (authorizationResponse.statusError()) { @@ -108,12 +108,12 @@ public class OAuth2LoginAuthenticationProvider implements AuthenticationProvider throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString()); } - TokenResponse tokenResponse = + OAuth2AccessTokenResponse accessTokenResponse = this.authorizationCodeTokenExchanger.exchange(authorizationCodeAuthentication); - AccessToken accessToken = new AccessToken(tokenResponse.getTokenType(), - tokenResponse.getTokenValue(), tokenResponse.getIssuedAt(), - tokenResponse.getExpiresAt(), tokenResponse.getScopes()); + OAuth2AccessToken accessToken = new OAuth2AccessToken(accessTokenResponse.getTokenType(), + accessTokenResponse.getTokenValue(), accessTokenResponse.getIssuedAt(), + accessTokenResponse.getExpiresAt(), accessTokenResponse.getScopes()); OAuth2AuthorizedClient oauth2AuthorizedClient = new OAuth2AuthorizedClient( authorizationCodeAuthentication.getClientRegistration(), "unknown", accessToken); diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AuthorizationRequestUriBuilder.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AuthorizationRequestUriBuilder.java index 3b4e90425c..ec35b55917 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AuthorizationRequestUriBuilder.java 
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AuthorizationRequestUriBuilder.java @@ -16,7 +16,7 @@ package org.springframework.security.oauth2.client.endpoint; -import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest; +import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; import java.net.URI; @@ -37,10 +37,10 @@ import java.net.URI; * * @author Joe Grandja * @since 5.0 - * @see AuthorizationRequest + * @see OAuth2AuthorizationRequest * @see Section 4.1.1 Authorization Request */ public interface AuthorizationRequestUriBuilder { - URI build(AuthorizationRequest authorizationRequest); + URI build(OAuth2AuthorizationRequest authorizationRequest); } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationRequestUriBuilder.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationRequestUriBuilder.java index 626257e75f..949a6bfc46 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationRequestUriBuilder.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationRequestUriBuilder.java @@ -15,8 +15,8 @@ */ package org.springframework.security.oauth2.client.endpoint; -import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest; -import org.springframework.security.oauth2.core.endpoint.OAuth2Parameter; +import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; +import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames; import org.springframework.util.StringUtils; import org.springframework.web.util.UriComponentsBuilder; 
@@ -30,23 +30,23 @@ import java.util.Set; * @author Joe Grandja * @since 5.0 * @see AuthorizationRequestUriBuilder - * @see AuthorizationRequest + * @see OAuth2AuthorizationRequest * @see Section 4.1.1 Authorization Code Grant Request * @see Section 4.2.1 Implicit Grant Request */ public class DefaultAuthorizationRequestUriBuilder implements AuthorizationRequestUriBuilder { @Override - public URI build(AuthorizationRequest authorizationRequest) { + public URI build(OAuth2AuthorizationRequest authorizationRequest) { Set scopes = authorizationRequest.getScopes(); UriComponentsBuilder uriBuilder = UriComponentsBuilder .fromUriString(authorizationRequest.getAuthorizationUri()) - .queryParam(OAuth2Parameter.RESPONSE_TYPE, authorizationRequest.getResponseType().getValue()) - .queryParam(OAuth2Parameter.CLIENT_ID, authorizationRequest.getClientId()) - .queryParam(OAuth2Parameter.SCOPE, StringUtils.collectionToDelimitedString(scopes, " ")) - .queryParam(OAuth2Parameter.STATE, authorizationRequest.getState()); + .queryParam(OAuth2ParameterNames.RESPONSE_TYPE, authorizationRequest.getResponseType().getValue()) + .queryParam(OAuth2ParameterNames.CLIENT_ID, authorizationRequest.getClientId()) + .queryParam(OAuth2ParameterNames.SCOPE, StringUtils.collectionToDelimitedString(scopes, " ")) + .queryParam(OAuth2ParameterNames.STATE, authorizationRequest.getState()); if (authorizationRequest.getRedirectUri() != null) { - uriBuilder.queryParam(OAuth2Parameter.REDIRECT_URI, authorizationRequest.getRedirectUri()); + uriBuilder.queryParam(OAuth2ParameterNames.REDIRECT_URI, authorizationRequest.getRedirectUri()); } return uriBuilder.build().encode().toUri(); diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/OidcAuthorizedClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/OidcAuthorizedClient.java index 7299d25f58..b06b763811 100644 
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/OidcAuthorizedClient.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/OidcAuthorizedClient.java @@ -17,8 +17,8 @@ package org.springframework.security.oauth2.client.oidc; import org.springframework.security.oauth2.client.OAuth2AuthorizedClient; import org.springframework.security.oauth2.client.registration.ClientRegistration; -import org.springframework.security.oauth2.core.AccessToken; -import org.springframework.security.oauth2.core.oidc.IdToken; +import org.springframework.security.oauth2.core.OAuth2AccessToken; +import org.springframework.security.oauth2.core.oidc.OidcIdToken; import org.springframework.util.Assert; /** @@ -35,21 +35,21 @@ import org.springframework.util.Assert; * @author Joe Grandja * @since 5.0 * @see OAuth2AuthorizedClient - * @see IdToken + * @see OidcIdToken * @see 3.1.3.3 Successful Token Response */ public class OidcAuthorizedClient extends OAuth2AuthorizedClient { - private final IdToken idToken; + private final OidcIdToken idToken; public OidcAuthorizedClient(ClientRegistration clientRegistration, String principalName, - AccessToken accessToken, IdToken idToken) { + OAuth2AccessToken accessToken, OidcIdToken idToken) { super(clientRegistration, principalName, accessToken); Assert.notNull(idToken, "idToken cannot be null"); this.idToken = idToken; } - public IdToken getIdToken() { + public OidcIdToken getIdToken() { return this.idToken; } } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java index 6bf60a3f52..f6aeb39f3f 100644 
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java
@@ -28,15 +28,15 @@ import org.springframework.security.oauth2.client.oidc.OidcAuthorizedClient; import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService; import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.userinfo.OAuth2UserService; -import org.springframework.security.oauth2.core.AccessToken; +import org.springframework.security.oauth2.core.OAuth2AccessToken; import org.springframework.security.oauth2.core.OAuth2AuthenticationException; import org.springframework.security.oauth2.core.OAuth2Error; -import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest; -import org.springframework.security.oauth2.core.endpoint.AuthorizationResponse; -import org.springframework.security.oauth2.core.endpoint.TokenResponse; -import org.springframework.security.oauth2.core.oidc.IdToken; -import org.springframework.security.oauth2.core.oidc.OidcScope; -import org.springframework.security.oauth2.core.oidc.endpoint.OidcParameter; +import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; +import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse; +import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse; +import org.springframework.security.oauth2.core.oidc.OidcIdToken; +import org.springframework.security.oauth2.core.oidc.OidcScopes; +import org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames; import org.springframework.security.oauth2.core.oidc.user.OidcUser; import org.springframework.security.oauth2.jwt.Jwt; import org.springframework.security.oauth2.jwt.JwtDecoder; 
@@ -102,15 +102,15 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati // scope // REQUIRED. OpenID Connect requests MUST contain the "openid" scope value. if (!authorizationCodeAuthentication.getAuthorizationExchange() - .getAuthorizationRequest().getScopes().contains(OidcScope.OPENID)) { + .getAuthorizationRequest().getScopes().contains(OidcScopes.OPENID)) { // This is NOT an OpenID Connect Authentication Request so return null // and let OAuth2LoginAuthenticationProvider handle it instead return null; } - AuthorizationRequest authorizationRequest = authorizationCodeAuthentication + OAuth2AuthorizationRequest authorizationRequest = authorizationCodeAuthentication .getAuthorizationExchange().getAuthorizationRequest(); - AuthorizationResponse authorizationResponse = authorizationCodeAuthentication + OAuth2AuthorizationResponse authorizationResponse = authorizationCodeAuthentication .getAuthorizationExchange().getAuthorizationResponse(); if (authorizationResponse.statusError()) { 
@@ -128,16 +128,16 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString()); } - TokenResponse tokenResponse = + OAuth2AccessTokenResponse accessTokenResponse = this.authorizationCodeTokenExchanger.exchange(authorizationCodeAuthentication); - AccessToken accessToken = new AccessToken(tokenResponse.getTokenType(), - tokenResponse.getTokenValue(), tokenResponse.getIssuedAt(), - tokenResponse.getExpiresAt(), tokenResponse.getScopes()); + OAuth2AccessToken accessToken = new OAuth2AccessToken(accessTokenResponse.getTokenType(), + accessTokenResponse.getTokenValue(), accessTokenResponse.getIssuedAt(), + accessTokenResponse.getExpiresAt(), accessTokenResponse.getScopes()); ClientRegistration clientRegistration = authorizationCodeAuthentication.getClientRegistration(); - if (!tokenResponse.getAdditionalParameters().containsKey(OidcParameter.ID_TOKEN)) { + if (!accessTokenResponse.getAdditionalParameters().containsKey(OidcParameterNames.ID_TOKEN)) { throw new IllegalArgumentException( "Missing (required) ID Token in Token Response for Client Registration: " + clientRegistration.getRegistrationId()); } 
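Review bot: A token response that lacks `id_token` is reported with `IllegalArgumentException` at the end of this hunk, although the response content comes from the provider, not from the caller. The earlier failure in the same hunk is raised as `OAuth2AuthenticationException`, so this one presumably bypasses whatever authentication-failure handling the caller applies to that type. Building an `OAuth2Error` for the case and using `throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());` would keep a malformed response on the authentication-failure path. The next hunk (`-147,8`) casts the same parameter with `(String)` before `jwtDecoder.decode(...)`; a non-string value would raise `ClassCastException`, so an `instanceof String` check belongs in the same guard. The enclosing method starts and ends outside both hunks.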
@@ -147,8 +147,8 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati throw new IllegalArgumentException("Failed to find a registered JwtDecoder for Client Registration: '" + clientRegistration.getRegistrationId() + "'. Check to ensure you have configured the JwkSet URI."); } - Jwt jwt = jwtDecoder.decode((String)tokenResponse.getAdditionalParameters().get(OidcParameter.ID_TOKEN)); - IdToken idToken = new IdToken(jwt.getTokenValue(), jwt.getIssuedAt(), jwt.getExpiresAt(), jwt.getClaims()); + Jwt jwt = jwtDecoder.decode((String) accessTokenResponse.getAdditionalParameters().get(OidcParameterNames.ID_TOKEN)); + OidcIdToken idToken = new OidcIdToken(jwt.getTokenValue(), jwt.getIssuedAt(), jwt.getExpiresAt(), jwt.getClaims()); this.validateIdToken(idToken, clientRegistration); @@ -182,7 +182,7 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati return AuthorizationCodeAuthenticationToken.class.isAssignableFrom(authentication); } - private void validateIdToken(IdToken idToken, ClientRegistration clientRegistration) { + private void validateIdToken(OidcIdToken idToken, ClientRegistration clientRegistration) { // 3.1.3.7 ID Token Validation // http://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserService.java index 050c93fb2c..60fc91dce1 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserService.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserService.java 
@@ -23,8 +23,8 @@ import org.springframework.security.oauth2.client.userinfo.UserInfoRetriever; import org.springframework.security.oauth2.core.AuthorizationGrantType; import org.springframework.security.oauth2.core.OAuth2AuthenticationException; import org.springframework.security.oauth2.core.OAuth2Error; -import org.springframework.security.oauth2.core.oidc.OidcScope; -import org.springframework.security.oauth2.core.oidc.UserInfo; +import org.springframework.security.oauth2.core.oidc.OidcScopes; +import org.springframework.security.oauth2.core.oidc.OidcUserInfo; import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser; import org.springframework.security.oauth2.core.oidc.user.OidcUser; import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority; @@ -41,7 +41,7 @@ import java.util.Set; *

* This implementation uses a {@link UserInfoRetriever} to obtain the user attributes * of the End-User (resource owner) from the UserInfo Endpoint - * and constructs a {@link UserInfo} instance. + * and constructs a {@link OidcUserInfo} instance. * * @author Joe Grandja * @since 5.0 @@ -49,21 +49,21 @@ import java.util.Set; * @see OidcAuthorizedClient * @see OidcUser * @see DefaultOidcUser - * @see UserInfo + * @see OidcUserInfo * @see UserInfoRetriever */ public class OidcUserService implements OAuth2UserService { private static final String INVALID_USER_INFO_RESPONSE_ERROR_CODE = "invalid_user_info_response"; private UserInfoRetriever userInfoRetriever = new NimbusUserInfoRetriever(); private final Set userInfoScopes = new HashSet<>( - Arrays.asList(OidcScope.PROFILE, OidcScope.EMAIL, OidcScope.ADDRESS, OidcScope.PHONE)); + Arrays.asList(OidcScopes.PROFILE, OidcScopes.EMAIL, OidcScopes.ADDRESS, OidcScopes.PHONE)); @Override public OidcUser loadUser(OidcAuthorizedClient authorizedClient) throws OAuth2AuthenticationException { - UserInfo userInfo = null; + OidcUserInfo userInfo = null; if (this.shouldRetrieveUserInfo(authorizedClient)) { Map userAttributes = this.userInfoRetriever.retrieve(authorizedClient, Map.class); - userInfo = new UserInfo(userAttributes); + userInfo = new OidcUserInfo(userAttributes); // http://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse // Due to the possibility of token substitution attacks (see Section 16.11), diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java index 3dbcc77d3d..8e13bde0ec 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java 
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java @@ -17,7 +17,7 @@ package org.springframework.security.oauth2.client.registration; import org.springframework.security.oauth2.core.AuthorizationGrantType; import org.springframework.security.oauth2.core.ClientAuthenticationMethod; -import org.springframework.security.oauth2.core.oidc.OidcScope; +import org.springframework.security.oauth2.core.oidc.OidcScopes; import org.springframework.util.Assert; import org.springframework.util.CollectionUtils; @@ -280,7 +280,7 @@ public final class ClientRegistration { Assert.notEmpty(this.scopes, "scopes cannot be empty"); Assert.hasText(this.authorizationUri, "authorizationUri cannot be empty"); Assert.hasText(this.tokenUri, "tokenUri cannot be empty"); - if (this.scopes.contains(OidcScope.OPENID)) { + if (this.scopes.contains(OidcScopes.OPENID)) { // OIDC Clients need to verify/validate the ID Token Assert.hasText(this.jwkSetUri, "jwkSetUri cannot be empty"); } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/token/InMemoryAccessTokenRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/token/InMemoryAccessTokenRepository.java index 5429449a8a..b31e7a1d32 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/token/InMemoryAccessTokenRepository.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/token/InMemoryAccessTokenRepository.java @@ -17,7 +17,7 @@ package org.springframework.security.oauth2.client.token; import org.springframework.security.core.Authentication; import org.springframework.security.oauth2.client.registration.ClientRegistration; -import org.springframework.security.oauth2.core.AccessToken; +import org.springframework.security.oauth2.core.OAuth2AccessToken; import org.springframework.util.Assert; import java.util.Base64; 
@@ -25,27 +25,27 @@ import java.util.Map; import java.util.concurrent.ConcurrentHashMap; /** - * An in-memory {@link OAuth2TokenRepository} for {@link AccessToken}'s. + * An in-memory {@link OAuth2TokenRepository} for {@link OAuth2AccessToken}'s. * * @author Joe Grandja * @since 5.0 * @see OAuth2TokenRepository - * @see AccessToken + * @see OAuth2AccessToken * @see ClientRegistration * @see Authentication */ -public final class InMemoryAccessTokenRepository implements OAuth2TokenRepository { - private final Map accessTokens = new ConcurrentHashMap<>(); +public final class InMemoryAccessTokenRepository implements OAuth2TokenRepository { + private final Map accessTokens = new ConcurrentHashMap<>(); @Override - public AccessToken loadToken(ClientRegistration registration, Authentication principal) { + public OAuth2AccessToken loadToken(ClientRegistration registration, Authentication principal) { Assert.notNull(registration, "registration cannot be null"); Assert.notNull(principal, "principal cannot be null"); return this.accessTokens.get(this.getIdentifier(registration, principal)); } @Override - public void saveToken(AccessToken accessToken, ClientRegistration registration, Authentication principal) { + public void saveToken(OAuth2AccessToken accessToken, ClientRegistration registration, Authentication principal) { Assert.notNull(accessToken, "accessToken cannot be null"); Assert.notNull(registration, "registration cannot be null"); Assert.notNull(principal, "principal cannot be null"); 
@@ -53,7 +53,7 @@ public final class InMemoryAccessTokenRepository implements OAuth2TokenRepositor } @Override - public AccessToken removeToken(ClientRegistration registration, Authentication principal) { + public OAuth2AccessToken removeToken(ClientRegistration registration, Authentication principal) { Assert.notNull(registration, "registration cannot be null"); Assert.notNull(principal, "principal cannot be null"); return this.accessTokens.remove(this.getIdentifier(registration, principal)); diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRedirectFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRedirectFilter.java index d62f8c1214..68c1a36a91 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRedirectFilter.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRedirectFilter.java 
@@ -22,9 +22,9 @@ import org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationR import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; import org.springframework.security.oauth2.core.AuthorizationGrantType; -import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest; +import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; import org.springframework.security.oauth2.client.endpoint.AuthorizationRequestUriBuilder; -import org.springframework.security.oauth2.core.endpoint.OAuth2Parameter; +import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames; import org.springframework.security.web.DefaultRedirectStrategy; import org.springframework.security.web.RedirectStrategy; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; @@ -55,7 +55,7 @@ import java.util.Map; * * @author Joe Grandja * @since 5.0 - * @see AuthorizationRequest + * @see OAuth2AuthorizationRequest * @see AuthorizationRequestRepository * @see AuthorizationRequestUriBuilder * @see ClientRegistration 
@@ -132,18 +132,18 @@ public class AuthorizationRequestRedirectFilter extends OncePerRequestFilter { String redirectUriStr = this.expandRedirectUri(request, clientRegistration); Map additionalParameters = new HashMap<>(); - additionalParameters.put(OAuth2Parameter.REGISTRATION_ID, clientRegistration.getRegistrationId()); + additionalParameters.put(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId()); - AuthorizationRequest.Builder builder; + OAuth2AuthorizationRequest.Builder builder; if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(clientRegistration.getAuthorizationGrantType())) { - builder = AuthorizationRequest.authorizationCode(); + builder = OAuth2AuthorizationRequest.authorizationCode(); } else if (AuthorizationGrantType.IMPLICIT.equals(clientRegistration.getAuthorizationGrantType())) { - builder = AuthorizationRequest.implicit(); + builder = OAuth2AuthorizationRequest.implicit(); } else { throw new IllegalArgumentException("Invalid Authorization Grant Type for Client Registration (" + clientRegistration.getRegistrationId() + "): " + clientRegistration.getAuthorizationGrantType()); } - AuthorizationRequest authorizationRequest = builder + OAuth2AuthorizationRequest authorizationRequest = builder .clientId(clientRegistration.getClientId()) .authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri()) .redirectUri(redirectUriStr) diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRepository.java index 80eead68c2..fba7c96715 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRepository.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRepository.java 
@@ -15,14 +15,14 @@ */ package org.springframework.security.oauth2.client.web; -import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest; +import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; /** * Implementations of this interface are responsible for the persistence - * of {@link AuthorizationRequest} between requests. + * of {@link OAuth2AuthorizationRequest} between requests. * *

* Used by the {@link AuthorizationRequestRedirectFilter} for persisting the Authorization Request @@ -32,16 +32,16 @@ import javax.servlet.http.HttpServletResponse; * * @author Joe Grandja * @since 5.0 - * @see AuthorizationRequest + * @see OAuth2AuthorizationRequest * @see HttpSessionAuthorizationRequestRepository */ public interface AuthorizationRequestRepository { - AuthorizationRequest loadAuthorizationRequest(HttpServletRequest request); + OAuth2AuthorizationRequest loadAuthorizationRequest(HttpServletRequest request); - void saveAuthorizationRequest(AuthorizationRequest authorizationRequest, HttpServletRequest request, + void saveAuthorizationRequest(OAuth2AuthorizationRequest authorizationRequest, HttpServletRequest request, HttpServletResponse response); - AuthorizationRequest removeAuthorizationRequest(HttpServletRequest request); + OAuth2AuthorizationRequest removeAuthorizationRequest(HttpServletRequest request); } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionAuthorizationRequestRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionAuthorizationRequestRepository.java index 29596ea16a..22788c54f0 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionAuthorizationRequestRepository.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionAuthorizationRequestRepository.java @@ -15,7 +15,7 @@ */ package org.springframework.security.oauth2.client.web; -import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest; +import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; 
@@ -23,11 +23,11 @@ import javax.servlet.http.HttpSession; /** * An implementation of an {@link AuthorizationRequestRepository} that stores - * {@link AuthorizationRequest} in the {@link HttpSession}. + * {@link OAuth2AuthorizationRequest} in the {@link HttpSession}. * * @author Joe Grandja * @since 5.0 - * @see AuthorizationRequest + * @see OAuth2AuthorizationRequest */ public final class HttpSessionAuthorizationRequestRepository implements AuthorizationRequestRepository { private static final String DEFAULT_AUTHORIZATION_REQUEST_ATTR_NAME = @@ -35,16 +35,16 @@ public final class HttpSessionAuthorizationRequestRepository implements Authoriz private final String sessionAttributeName = DEFAULT_AUTHORIZATION_REQUEST_ATTR_NAME; @Override - public AuthorizationRequest loadAuthorizationRequest(HttpServletRequest request) { + public OAuth2AuthorizationRequest loadAuthorizationRequest(HttpServletRequest request) { HttpSession session = request.getSession(false); if (session != null) { - return (AuthorizationRequest) session.getAttribute(this.sessionAttributeName); + return (OAuth2AuthorizationRequest) session.getAttribute(this.sessionAttributeName); } return null; } @Override - public void saveAuthorizationRequest(AuthorizationRequest authorizationRequest, HttpServletRequest request, + public void saveAuthorizationRequest(OAuth2AuthorizationRequest authorizationRequest, HttpServletRequest request, HttpServletResponse response) { if (authorizationRequest == null) { this.removeAuthorizationRequest(request); 
@@ -54,8 +54,8 @@ public final class HttpSessionAuthorizationRequestRepository implements Authoriz } @Override - public AuthorizationRequest removeAuthorizationRequest(HttpServletRequest request) { - AuthorizationRequest authorizationRequest = this.loadAuthorizationRequest(request); + public OAuth2AuthorizationRequest removeAuthorizationRequest(HttpServletRequest request) { + OAuth2AuthorizationRequest authorizationRequest = this.loadAuthorizationRequest(request); if (authorizationRequest != null) { request.getSession().removeAttribute(this.sessionAttributeName); } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java index 68f1008f0b..a6c15445f2 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java 
@@ -26,14 +26,14 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; import org.springframework.security.oauth2.client.token.InMemoryAccessTokenRepository; import org.springframework.security.oauth2.client.token.OAuth2TokenRepository; -import org.springframework.security.oauth2.core.AccessToken; +import org.springframework.security.oauth2.core.OAuth2AccessToken; import org.springframework.security.oauth2.core.OAuth2AuthenticationException; import org.springframework.security.oauth2.core.OAuth2Error; -import org.springframework.security.oauth2.core.OAuth2ErrorCode; -import org.springframework.security.oauth2.core.endpoint.AuthorizationExchange; -import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest; -import org.springframework.security.oauth2.core.endpoint.AuthorizationResponse; -import org.springframework.security.oauth2.core.endpoint.OAuth2Parameter; +import org.springframework.security.oauth2.core.OAuth2ErrorCodes; +import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange; +import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; +import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse; +import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames; import org.springframework.security.oauth2.core.user.OAuth2User; import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter; import org.springframework.util.Assert; @@ -54,13 +54,13 @@ import java.io.IOException; *

    *
  • * Assuming the resource owner (end-user) has granted access to the client, the authorization server will append the - * {@link OAuth2Parameter#CODE} and {@link OAuth2Parameter#STATE} (if provided in the Authorization Request) parameters - * to the {@link OAuth2Parameter#REDIRECT_URI} (provided in the Authorization Request) + * {@link OAuth2ParameterNames#CODE} and {@link OAuth2ParameterNames#STATE} (if provided in the Authorization Request) parameters + * to the {@link OAuth2ParameterNames#REDIRECT_URI} (provided in the Authorization Request) * and redirect the end-user's user-agent back to this Filter (the client). *
  • *
  • * This Filter will then create an {@link AuthorizationCodeAuthenticationToken} with - * the {@link OAuth2Parameter#CODE} received in the previous step and delegate it to + * the {@link OAuth2ParameterNames#CODE} received in the previous step and delegate it to * {@link OAuth2LoginAuthenticationProvider#authenticate(Authentication)} (indirectly via {@link AuthenticationManager}). *
  • *
@@ -71,8 +71,8 @@ import java.io.IOException; * @see AuthorizationCodeAuthenticationToken * @see OAuth2AuthenticationToken * @see OAuth2LoginAuthenticationProvider - * @see AuthorizationRequest - * @see AuthorizationResponse + * @see OAuth2AuthorizationRequest + * @see OAuth2AuthorizationResponse * @see AuthorizationRequestRepository * @see AuthorizationRequestRedirectFilter * @see ClientRegistrationRepository @@ -85,7 +85,7 @@ public class OAuth2LoginAuthenticationFilter extends AbstractAuthenticationProce private static final String AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE = "authorization_request_not_found"; private ClientRegistrationRepository clientRegistrationRepository; private AuthorizationRequestRepository authorizationRequestRepository = new HttpSessionAuthorizationRequestRepository(); - private OAuth2TokenRepository accessTokenRepository = new InMemoryAccessTokenRepository(); + private OAuth2TokenRepository accessTokenRepository = new InMemoryAccessTokenRepository(); public OAuth2LoginAuthenticationFilter() { this(DEFAULT_FILTER_PROCESSES_URI); 
@@ -106,19 +106,19 @@ public class OAuth2LoginAuthenticationFilter extends AbstractAuthenticationProce throws AuthenticationException, IOException, ServletException { if (!this.authorizationResponseSuccess(request) && !this.authorizationResponseError(request)) { - OAuth2Error oauth2Error = new OAuth2Error(OAuth2ErrorCode.INVALID_REQUEST); + OAuth2Error oauth2Error = new OAuth2Error(OAuth2ErrorCodes.INVALID_REQUEST); throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString()); } - AuthorizationResponse authorizationResponse = this.convert(request); + OAuth2AuthorizationResponse authorizationResponse = this.convert(request); - AuthorizationRequest authorizationRequest = this.authorizationRequestRepository.loadAuthorizationRequest(request); + OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestRepository.loadAuthorizationRequest(request); if (authorizationRequest == null) { OAuth2Error oauth2Error = new OAuth2Error(AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE); throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString()); } this.authorizationRequestRepository.removeAuthorizationRequest(request); - String registrationId = (String)authorizationRequest.getAdditionalParameters().get(OAuth2Parameter.REGISTRATION_ID); + String registrationId = (String)authorizationRequest.getAdditionalParameters().get(OAuth2ParameterNames.REGISTRATION_ID); ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId(registrationId); // The clientRegistration.redirectUri may contain Uri template variables, whether it's configured by 
@@ -133,7 +133,7 @@ public class OAuth2LoginAuthenticationFilter extends AbstractAuthenticationProce .build(); AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = new AuthorizationCodeAuthenticationToken( - clientRegistration, new AuthorizationExchange(authorizationRequest, authorizationResponse)); + clientRegistration, new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse)); authorizationCodeAuthentication.setDetails(this.authenticationDetailsSource.buildDetails(request)); OAuth2AuthenticationToken oauth2Authentication = 
@@ -157,26 +157,26 @@ public class OAuth2LoginAuthenticationFilter extends AbstractAuthenticationProce this.authorizationRequestRepository = authorizationRequestRepository; } - public final void setAccessTokenRepository(OAuth2TokenRepository accessTokenRepository) { + public final void setAccessTokenRepository(OAuth2TokenRepository accessTokenRepository) { Assert.notNull(accessTokenRepository, "accessTokenRepository cannot be null"); this.accessTokenRepository = accessTokenRepository; } - private AuthorizationResponse convert(HttpServletRequest request) { - String code = request.getParameter(OAuth2Parameter.CODE); - String errorCode = request.getParameter(OAuth2Parameter.ERROR); - String state = request.getParameter(OAuth2Parameter.STATE); + private OAuth2AuthorizationResponse convert(HttpServletRequest request) { + String code = request.getParameter(OAuth2ParameterNames.CODE); + String errorCode = request.getParameter(OAuth2ParameterNames.ERROR); + String state = request.getParameter(OAuth2ParameterNames.STATE); String redirectUri = request.getRequestURL().toString(); if (StringUtils.hasText(code)) { - return AuthorizationResponse.success(code) + return OAuth2AuthorizationResponse.success(code) .redirectUri(redirectUri) .state(state) .build(); } else { - String errorDescription = request.getParameter(OAuth2Parameter.ERROR_DESCRIPTION); - String errorUri = request.getParameter(OAuth2Parameter.ERROR_URI); - return AuthorizationResponse.error(errorCode) + String errorDescription = request.getParameter(OAuth2ParameterNames.ERROR_DESCRIPTION); + String errorUri = request.getParameter(OAuth2ParameterNames.ERROR_URI); + return OAuth2AuthorizationResponse.error(errorCode) .redirectUri(redirectUri) .errorDescription(errorDescription) .errorUri(errorUri) 
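Review bot: In `convert`, the `error`, `error_description` and `error_uri` values are copied from the callback request straight into the `OAuth2AuthorizationResponse`, and nothing in this hunk marks them as untrusted. The callback URL can be requested by any client, so whatever later renders or logs these fields has to encode them, and `error_uri` should never be followed or linked without validation; how they are consumed is not visible here. I would add a comment above the `else` branch, `// error, error_description and error_uri are unvalidated request parameters: encode before rendering or logging`, and say the same in the Javadoc of the response type. The end of `convert` lies outside this hunk.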
@@ -186,12 +186,12 @@ public class OAuth2LoginAuthenticationFilter extends AbstractAuthenticationProce } private boolean authorizationResponseSuccess(HttpServletRequest request) { - return StringUtils.hasText(request.getParameter(OAuth2Parameter.CODE)) && - StringUtils.hasText(request.getParameter(OAuth2Parameter.STATE)); + return StringUtils.hasText(request.getParameter(OAuth2ParameterNames.CODE)) && + StringUtils.hasText(request.getParameter(OAuth2ParameterNames.STATE)); } private boolean authorizationResponseError(HttpServletRequest request) { - return StringUtils.hasText(request.getParameter(OAuth2Parameter.ERROR)) && - StringUtils.hasText(request.getParameter(OAuth2Parameter.STATE)); + return StringUtils.hasText(request.getParameter(OAuth2ParameterNames.ERROR)) && + StringUtils.hasText(request.getParameter(OAuth2ParameterNames.STATE)); } } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationRequestUriBuilderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationRequestUriBuilderTests.java index ffd2ad519e..fd96ecf661 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationRequestUriBuilderTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationRequestUriBuilderTests.java @@ -17,7 +17,7 @@ package org.springframework.security.oauth2.client.endpoint; import org.junit.Test; -import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest; +import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; import java.net.URI; import java.util.Arrays; 
@@ -35,7 +35,7 @@ public class DefaultAuthorizationRequestUriBuilderTests { @Test public void buildWhenScopeMultiThenSeparatedByEncodedSpace() { - AuthorizationRequest request = AuthorizationRequest.implicit() + OAuth2AuthorizationRequest request = OAuth2AuthorizationRequest.implicit() .additionalParameters(Collections.singletonMap("foo","bar")) .authorizationUri("https://idp.example.com/oauth2/v2/auth") .clientId("client-id") diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRedirectFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRedirectFilterTests.java index 27b7cb10df..46025a4edf 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRedirectFilterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRedirectFilterTests.java @@ -23,7 +23,7 @@ import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; -import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest; +import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; import org.springframework.security.oauth2.client.endpoint.AuthorizationRequestUriBuilder; import javax.servlet.FilterChain; 
@@ -101,7 +101,7 @@ public class AuthorizationRequestRedirectFilterTests { Mockito.verifyZeroInteractions(filterChain); // Request should not proceed up the chain // The authorization request attributes are saved in the session before the redirect happens - AuthorizationRequest authorizationRequest = + OAuth2AuthorizationRequest authorizationRequest = authorizationRequestRepository.loadAuthorizationRequest(request); Assertions.assertThat(authorizationRequest).isNotNull(); @@ -119,7 +119,7 @@ public class AuthorizationRequestRedirectFilterTests { AuthorizationRequestUriBuilder authorizationUriBuilder = Mockito.mock(AuthorizationRequestUriBuilder.class); URI authorizationURI = new URI(authorizationUri); - Mockito.when(authorizationUriBuilder.build(Matchers.any(AuthorizationRequest.class))).thenReturn(authorizationURI); + Mockito.when(authorizationUriBuilder.build(Matchers.any(OAuth2AuthorizationRequest.class))).thenReturn(authorizationURI); return setupFilter(authorizationUriBuilder, clientRegistrations); } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java index 46e23903c0..46457716e7 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java 
@@ -31,11 +31,11 @@ import org.springframework.security.oauth2.client.OAuth2AuthorizedClient; import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken; import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; -import org.springframework.security.oauth2.core.AccessToken; +import org.springframework.security.oauth2.core.OAuth2AccessToken; import org.springframework.security.oauth2.core.OAuth2AuthenticationException; -import org.springframework.security.oauth2.core.OAuth2ErrorCode; -import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest; -import org.springframework.security.oauth2.core.endpoint.OAuth2Parameter; +import org.springframework.security.oauth2.core.OAuth2ErrorCodes; +import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; +import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames; import org.springframework.security.oauth2.core.user.OAuth2User; import org.springframework.security.web.authentication.AuthenticationFailureHandler; import org.springframework.security.web.authentication.AuthenticationSuccessHandler; @@ -82,9 +82,9 @@ public class OAuth2LoginAuthenticationFilterTests { filter.setAuthenticationFailureHandler(failureHandler); MockHttpServletRequest request = this.setupRequest(clientRegistration); - String errorCode = OAuth2ErrorCode.INVALID_GRANT; - request.addParameter(OAuth2Parameter.ERROR, errorCode); - request.addParameter(OAuth2Parameter.STATE, "some state"); + String errorCode = OAuth2ErrorCodes.INVALID_GRANT; + request.addParameter(OAuth2ParameterNames.ERROR, errorCode); + request.addParameter(OAuth2ParameterNames.STATE, "some state"); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); 
@@ -99,7 +99,7 @@ public class OAuth2LoginAuthenticationFilterTests { public void doFilterWhenAuthorizationCodeSuccessResponseThenAuthenticationSuccessHandlerIsCalled() throws Exception { ClientRegistration clientRegistration = TestUtil.githubClientRegistration(); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient( - clientRegistration, "principal", mock(AccessToken.class)); + clientRegistration, "principal", mock(OAuth2AccessToken.class)); OAuth2AuthenticationToken userAuthentication = new OAuth2AuthenticationToken( mock(OAuth2User.class), AuthorityUtils.createAuthorityList("ROLE_USER"), authorizedClient); SecurityContextHolder.getContext().setAuthentication(userAuthentication); @@ -115,8 +115,8 @@ public class OAuth2LoginAuthenticationFilterTests { MockHttpServletRequest request = this.setupRequest(clientRegistration); String authCode = "some code"; String state = "some state"; - request.addParameter(OAuth2Parameter.CODE, authCode); - request.addParameter(OAuth2Parameter.STATE, state); + request.addParameter(OAuth2ParameterNames.CODE, authCode); + request.addParameter(OAuth2ParameterNames.STATE, state); MockHttpServletResponse response = new MockHttpServletResponse(); setupAuthorizationRequest(authorizationRequestRepository, request, response, clientRegistration, state); FilterChain filterChain = mock(FilterChain.class); @@ -142,8 +142,8 @@ public class OAuth2LoginAuthenticationFilterTests { MockHttpServletRequest request = this.setupRequest(clientRegistration); String authCode = "some code"; String state = "some state"; - request.addParameter(OAuth2Parameter.CODE, authCode); - request.addParameter(OAuth2Parameter.STATE, state); + request.addParameter(OAuth2ParameterNames.CODE, authCode); + request.addParameter(OAuth2ParameterNames.STATE, state); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); 
@@ -194,10 +194,10 @@ public class OAuth2LoginAuthenticationFilterTests { String state) { Map additionalParameters = new HashMap<>(); - additionalParameters.put(OAuth2Parameter.REGISTRATION_ID, clientRegistration.getRegistrationId()); + additionalParameters.put(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId()); - AuthorizationRequest authorizationRequest = - AuthorizationRequest.authorizationCode() + OAuth2AuthorizationRequest authorizationRequest = + OAuth2AuthorizationRequest.authorizationCode() .clientId(clientRegistration.getClientId()) .authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri()) .redirectUri(clientRegistration.getRedirectUri()) diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AccessToken.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AccessToken.java similarity index 89% rename from oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AccessToken.java rename to oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AccessToken.java index 84b582a332..fa34f0e0a4 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AccessToken.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AccessToken.java 
@@ -34,15 +34,15 @@ import java.util.Set; * @since 5.0 * @see Section 1.4 Access Token */ -public class AccessToken extends AbstractOAuth2Token { +public class OAuth2AccessToken extends AbstractOAuth2Token { private final TokenType tokenType; private final Set scopes; - public AccessToken(TokenType tokenType, String tokenValue, Instant issuedAt, Instant expiresAt) { + public OAuth2AccessToken(TokenType tokenType, String tokenValue, Instant issuedAt, Instant expiresAt) { this(tokenType, tokenValue, issuedAt, expiresAt, Collections.emptySet()); } - public AccessToken(TokenType tokenType, String tokenValue, Instant issuedAt, Instant expiresAt, Set scopes) { + public OAuth2AccessToken(TokenType tokenType, String tokenValue, Instant issuedAt, Instant expiresAt, Set scopes) { super(tokenValue, issuedAt, expiresAt); Assert.notNull(tokenType, "tokenType cannot be null"); this.tokenType = tokenType; diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2ErrorCode.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2ErrorCodes.java similarity index 97% rename from oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2ErrorCode.java rename to oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2ErrorCodes.java index 0642f2f0c3..3acd560cb6 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2ErrorCode.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2ErrorCodes.java @@ -21,7 +21,7 @@ package org.springframework.security.oauth2.core; * @author Joe Grandja * @since 5.0 */ -public interface OAuth2ErrorCode { +public interface OAuth2ErrorCodes { String INVALID_REQUEST = "invalid_request"; 
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/TokenResponse.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java similarity index 78% rename from oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/TokenResponse.java rename to oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java index f33aa66ac8..d41ce60119 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/TokenResponse.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java @@ -15,7 +15,7 @@ */ package org.springframework.security.oauth2.core.endpoint; -import org.springframework.security.oauth2.core.AccessToken; +import org.springframework.security.oauth2.core.OAuth2AccessToken; import org.springframework.util.Assert; import org.springframework.util.CollectionUtils; @@ -29,21 +29,21 @@ import java.util.Set; * * @author Joe Grandja * @since 5.0 - * @see AccessToken + * @see OAuth2AccessToken * @see Section 5.1 Access Token Response */ -public final class TokenResponse { - private AccessToken accessToken; +public final class OAuth2AccessTokenResponse { + private OAuth2AccessToken accessToken; private Map additionalParameters; - private TokenResponse() { + private OAuth2AccessTokenResponse() { } public String getTokenValue() { return this.accessToken.getTokenValue(); } - public AccessToken.TokenType getTokenType() { + public OAuth2AccessToken.TokenType getTokenType() { return this.accessToken.getTokenType(); } @@ -69,7 +69,7 @@ public final class TokenResponse { public static class Builder { private String tokenValue; - private AccessToken.TokenType tokenType; + private OAuth2AccessToken.TokenType tokenType; private long expiresIn; private Set scopes; private Map additionalParameters; 
@@ -78,7 +78,7 @@ public final class TokenResponse { this.tokenValue = tokenValue; } - public Builder tokenType(AccessToken.TokenType tokenType) { + public Builder tokenType(OAuth2AccessToken.TokenType tokenType) { this.tokenType = tokenType; return this; } @@ -98,15 +98,15 @@ public final class TokenResponse { return this; } - public TokenResponse build() { + public OAuth2AccessTokenResponse build() { Assert.isTrue(this.expiresIn >= 0, "expiresIn must be a positive number"); Instant issuedAt = Instant.now(); - TokenResponse tokenResponse = new TokenResponse(); - tokenResponse.accessToken = new AccessToken(this.tokenType, this.tokenValue, issuedAt, + OAuth2AccessTokenResponse accessTokenResponse = new OAuth2AccessTokenResponse(); + accessTokenResponse.accessToken = new OAuth2AccessToken(this.tokenType, this.tokenValue, issuedAt, issuedAt.plusSeconds(this.expiresIn), this.scopes); - tokenResponse.additionalParameters = Collections.unmodifiableMap( + accessTokenResponse.additionalParameters = Collections.unmodifiableMap( CollectionUtils.isEmpty(this.additionalParameters) ? Collections.emptyMap() : this.additionalParameters); - return tokenResponse; + return accessTokenResponse; } } } diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/AuthorizationExchange.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchange.java similarity index 70% rename from oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/AuthorizationExchange.java rename to oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchange.java index 1c431bc96c..4664718236 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/AuthorizationExchange.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchange.java 
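Review bot: In `build()` (hunk `@@ -98,15 +98,15 @@`), `Collections.unmodifiableMap(...)` wraps `this.additionalParameters` without copying it, so whoever still holds the map handed to the builder can change the parameters of an already built token response. The setter is outside the hunk, so this holds unless the copy is made there. `OidcIdToken` in this same commit copies its claims with `new LinkedHashMap<>(claims)` before wrapping, and the same fits here: end the ternary with `: new LinkedHashMap<>(this.additionalParameters));` (needs the `java.util.LinkedHashMap` import). The assertion also accepts `expiresIn == 0` while its message says "must be a positive number", and the builder's default of 0 yields a token whose `expiresAt` equals `issuedAt`. Either require `> 0` or reword the message to `"expiresIn cannot be negative"`.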
@@ -23,26 +23,26 @@ import org.springframework.util.Assert; * * @author Joe Grandja * @since 5.0 - * @see AuthorizationRequest - * @see AuthorizationResponse + * @see OAuth2AuthorizationRequest + * @see OAuth2AuthorizationResponse */ -public final class AuthorizationExchange { - private final AuthorizationRequest authorizationRequest; - private final AuthorizationResponse authorizationResponse; +public final class OAuth2AuthorizationExchange { + private final OAuth2AuthorizationRequest authorizationRequest; + private final OAuth2AuthorizationResponse authorizationResponse; - public AuthorizationExchange(AuthorizationRequest authorizationRequest, - AuthorizationResponse authorizationResponse) { + public OAuth2AuthorizationExchange(OAuth2AuthorizationRequest authorizationRequest, + OAuth2AuthorizationResponse authorizationResponse) { Assert.notNull(authorizationRequest, "authorizationRequest cannot be null"); Assert.notNull(authorizationResponse, "authorizationResponse cannot be null"); this.authorizationRequest = authorizationRequest; this.authorizationResponse = authorizationResponse; } - public AuthorizationRequest getAuthorizationRequest() { + public OAuth2AuthorizationRequest getAuthorizationRequest() { return this.authorizationRequest; } - public AuthorizationResponse getAuthorizationResponse() { + public OAuth2AuthorizationResponse getAuthorizationResponse() { return this.authorizationResponse; } } diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/AuthorizationRequest.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java similarity index 90% rename from oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/AuthorizationRequest.java rename to oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java index 30f1ea47c0..2fea0b6442 100644 
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/AuthorizationRequest.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java @@ -36,22 +36,22 @@ import java.util.stream.Collectors; * @author Joe Grandja * @since 5.0 * @see AuthorizationGrantType - * @see ResponseType + * @see OAuth2AuthorizationResponseType * @see Section 4.1.1 Authorization Code Grant Request * @see Section 4.2.1 Implicit Grant Request */ -public final class AuthorizationRequest implements Serializable { +public final class OAuth2AuthorizationRequest implements Serializable { private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID; private String authorizationUri; private AuthorizationGrantType authorizationGrantType; - private ResponseType responseType; + private OAuth2AuthorizationResponseType responseType; private String clientId; private String redirectUri; private Set scopes; private String state; private Map additionalParameters; - private AuthorizationRequest() { + private OAuth2AuthorizationRequest() { } public String getAuthorizationUri() { @@ -62,7 +62,7 @@ public final class AuthorizationRequest implements Serializable { return this.authorizationGrantType; } - public ResponseType getResponseType() { + public OAuth2AuthorizationResponseType getResponseType() { return this.responseType; } @@ -97,7 +97,7 @@ public final class AuthorizationRequest implements Serializable { public static class Builder { private String authorizationUri; private AuthorizationGrantType authorizationGrantType; - private ResponseType responseType; + private OAuth2AuthorizationResponseType responseType; private String clientId; private String redirectUri; private Set scopes; 
@@ -108,9 +108,9 @@ public final class AuthorizationRequest implements Serializable { Assert.notNull(authorizationGrantType, "authorizationGrantType cannot be null"); this.authorizationGrantType = authorizationGrantType; if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(authorizationGrantType)) { - this.responseType = ResponseType.CODE; + this.responseType = OAuth2AuthorizationResponseType.CODE; } else if (AuthorizationGrantType.IMPLICIT.equals(authorizationGrantType)) { - this.responseType = ResponseType.TOKEN; + this.responseType = OAuth2AuthorizationResponseType.TOKEN; } } @@ -152,14 +152,14 @@ public final class AuthorizationRequest implements Serializable { return this; } - public AuthorizationRequest build() { + public OAuth2AuthorizationRequest build() { Assert.hasText(this.authorizationUri, "authorizationUri cannot be empty"); Assert.hasText(this.clientId, "clientId cannot be empty"); if (AuthorizationGrantType.IMPLICIT.equals(this.authorizationGrantType)) { Assert.hasText(this.redirectUri, "redirectUri cannot be empty"); } - AuthorizationRequest authorizationRequest = new AuthorizationRequest(); + OAuth2AuthorizationRequest authorizationRequest = new OAuth2AuthorizationRequest(); authorizationRequest.authorizationUri = this.authorizationUri; authorizationRequest.authorizationGrantType = this.authorizationGrantType; authorizationRequest.responseType = this.responseType; diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/AuthorizationResponse.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponse.java similarity index 93% rename from oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/AuthorizationResponse.java rename to oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponse.java index 2732af01b9..335ba04358 100644 
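Review bot: The `if`/`else if` in the `Builder` constructor (hunk `@@ -108,9 +108,9 @@`) leaves `responseType` null for any grant type other than `AUTHORIZATION_CODE` or `IMPLICIT`, and `build()` in the next hunk copies it with `authorizationRequest.responseType = this.responseType;` without a check. The constructor's signature is outside the hunk, so if it is reachable only through factories for those two grant types this cannot happen today. An explicit guard would still stop a later grant type from silently producing a request with no `response_type`. I would add `Assert.notNull(this.responseType, "responseType cannot be null");` next to the other assertions in `build()`, whose body continues past the hunk.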
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/AuthorizationResponse.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponse.java @@ -26,13 +26,13 @@ import org.springframework.util.StringUtils; * @since 5.0 * @see Section 4.1.2 Authorization Response */ -public final class AuthorizationResponse { +public final class OAuth2AuthorizationResponse { private String redirectUri; private String state; private String code; private OAuth2Error error; - private AuthorizationResponse() { + private OAuth2AuthorizationResponse() { } public String getRedirectUri() { @@ -110,13 +110,13 @@ public final class AuthorizationResponse { return this; } - public AuthorizationResponse build() { + public OAuth2AuthorizationResponse build() { if (StringUtils.hasText(this.code) && StringUtils.hasText(this.errorCode)) { throw new IllegalArgumentException("code and errorCode cannot both be set"); } Assert.hasText(this.redirectUri, "redirectUri cannot be empty"); - AuthorizationResponse authorizationResponse = new AuthorizationResponse(); + OAuth2AuthorizationResponse authorizationResponse = new OAuth2AuthorizationResponse(); authorizationResponse.redirectUri = this.redirectUri; authorizationResponse.state = this.state; if (StringUtils.hasText(this.code)) { diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/ResponseType.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseType.java similarity index 82% rename from oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/ResponseType.java rename to oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseType.java index 02c5596d7d..9ef19a6112 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/ResponseType.java 
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseType.java @@ -33,13 +33,13 @@ import java.io.Serializable; * @since 5.0 * @see Section 3.1.1 Response Type */ -public final class ResponseType implements Serializable { +public final class OAuth2AuthorizationResponseType implements Serializable { private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID; - public static final ResponseType CODE = new ResponseType("code"); - public static final ResponseType TOKEN = new ResponseType("token"); + public static final OAuth2AuthorizationResponseType CODE = new OAuth2AuthorizationResponseType("code"); + public static final OAuth2AuthorizationResponseType TOKEN = new OAuth2AuthorizationResponseType("token"); private final String value; - private ResponseType(String value) { + private OAuth2AuthorizationResponseType(String value) { Assert.hasText(value, "value cannot be empty"); this.value = value; } @@ -56,7 +56,7 @@ public final class ResponseType implements Serializable { if (obj == null || this.getClass() != obj.getClass()) { return false; } - ResponseType that = (ResponseType) obj; + OAuth2AuthorizationResponseType that = (OAuth2AuthorizationResponseType) obj; return this.getValue().equals(that.getValue()); } diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2Parameter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2ParameterNames.java similarity index 90% rename from oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2Parameter.java rename to oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2ParameterNames.java index c548b3ec2f..ccc1c4c983 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2Parameter.java 
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2ParameterNames.java @@ -16,14 +16,14 @@ package org.springframework.security.oauth2.core.endpoint; /** - * Standard and additional (custom) parameters defined in the OAuth Parameters Registry + * Standard and additional (custom) parameter names defined in the OAuth Parameters Registry * and used by the authorization endpoint and token endpoint. * * @author Joe Grandja * @since 5.0 * @see 11.2 OAuth Parameters Registry */ -public interface OAuth2Parameter { +public interface OAuth2ParameterNames { String RESPONSE_TYPE = "response_type"; diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/Address.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/AddressStandardClaim.java similarity index 97% rename from oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/Address.java rename to oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/AddressStandardClaim.java index c11df3b1d3..d26e60a743 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/Address.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/AddressStandardClaim.java @@ -25,7 +25,7 @@ package org.springframework.security.oauth2.core.oidc; * @see UserInfo Response * @see ID Token */ -public interface Address { +public interface AddressStandardClaim { String getFormatted(); 
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/DefaultAddress.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaim.java similarity index 90% rename from oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/DefaultAddress.java rename to oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaim.java index 19336165d4..f1cb601d29 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/DefaultAddress.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaim.java @@ -18,13 +18,13 @@ package org.springframework.security.oauth2.core.oidc; import java.util.Map; /** - * The default implementation of an {@link Address}. + * The default implementation of an {@link AddressStandardClaim Address Claim}. * * @author Joe Grandja * @since 5.0 - * @see Address + * @see AddressStandardClaim */ -public final class DefaultAddress implements Address { +public final class DefaultAddressStandardClaim implements AddressStandardClaim { private String formatted; private String streetAddress; private String locality; @@ -32,7 +32,7 @@ public final class DefaultAddress implements Address { private String postalCode; private String country; - private DefaultAddress() { + private DefaultAddressStandardClaim() { } @Override @@ -121,8 +121,8 @@ public final class DefaultAddress implements Address { return this; } - public Address build() { - DefaultAddress address = new DefaultAddress(); + public AddressStandardClaim build() { + DefaultAddressStandardClaim address = new DefaultAddressStandardClaim(); address.formatted = this.formatted; address.streetAddress = this.streetAddress; address.locality = this.locality; 
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimAccessor.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimAccessor.java index ddd343c117..69785331d1 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimAccessor.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimAccessor.java @@ -27,9 +27,9 @@ import java.util.List; * * @see ClaimAccessor * @see StandardClaimAccessor - * @see StandardClaim - * @see IdTokenClaim - * @see IdToken + * @see StandardClaimNames + * @see IdTokenClaimNames + * @see OidcIdToken * @see ID Token * @see Standard Claims * @author Joe Grandja 
@@ -38,50 +38,50 @@ import java.util.List; public interface IdTokenClaimAccessor extends StandardClaimAccessor { default URL getIssuer() { - return this.getClaimAsURL(IdTokenClaim.ISS); + return this.getClaimAsURL(IdTokenClaimNames.ISS); } default String getSubject() { - return this.getClaimAsString(IdTokenClaim.SUB); + return this.getClaimAsString(IdTokenClaimNames.SUB); } default List getAudience() { - return this.getClaimAsStringList(IdTokenClaim.AUD); + return this.getClaimAsStringList(IdTokenClaimNames.AUD); } default Instant getExpiresAt() { - return this.getClaimAsInstant(IdTokenClaim.EXP); + return this.getClaimAsInstant(IdTokenClaimNames.EXP); } default Instant getIssuedAt() { - return this.getClaimAsInstant(IdTokenClaim.IAT); + return this.getClaimAsInstant(IdTokenClaimNames.IAT); } default Instant getAuthenticatedAt() { - return this.getClaimAsInstant(IdTokenClaim.AUTH_TIME); + return this.getClaimAsInstant(IdTokenClaimNames.AUTH_TIME); } default String getNonce() { - return this.getClaimAsString(IdTokenClaim.NONCE); + return this.getClaimAsString(IdTokenClaimNames.NONCE); } default String getAuthenticationContextClass() { - return this.getClaimAsString(IdTokenClaim.ACR); + return this.getClaimAsString(IdTokenClaimNames.ACR); } default List getAuthenticationMethods() { - return this.getClaimAsStringList(IdTokenClaim.AMR); + return this.getClaimAsStringList(IdTokenClaimNames.AMR); } default String getAuthorizedParty() { - return this.getClaimAsString(IdTokenClaim.AZP); + return this.getClaimAsString(IdTokenClaimNames.AZP); } default String getAccessTokenHash() { - return this.getClaimAsString(IdTokenClaim.AT_HASH); + return this.getClaimAsString(IdTokenClaimNames.AT_HASH); } default String getAuthorizationCodeHash() { - return this.getClaimAsString(IdTokenClaim.C_HASH); + return this.getClaimAsString(IdTokenClaimNames.C_HASH); } } 
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaim.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimNames.java similarity index 88% rename from oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaim.java rename to oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimNames.java index 3b56465eca..536e1b3d32 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaim.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimNames.java @@ -16,16 +16,16 @@ package org.springframework.security.oauth2.core.oidc; /** - * The "Claims" defined by the OpenID Connect Core 1.0 specification + * The names of the "Claims" defined by the OpenID Connect Core 1.0 specification * that can be returned in the ID Token. * * @author Joe Grandja * @since 5.0 - * @see IdToken + * @see OidcIdToken * @see ID Token */ -public interface IdTokenClaim { +public interface IdTokenClaimNames { String ISS = "iss"; diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdToken.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcIdToken.java similarity index 86% rename from oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdToken.java rename to oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcIdToken.java index a45d8735a1..4bf7437c26 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdToken.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcIdToken.java @@ -27,7 +27,7 @@ import java.util.Map; * An implementation of an {@link AbstractOAuth2Token} representing an OpenID Connect Core 1.0 ID Token. * *

- * The IdToken is a security token that contains "Claims" + * The OidcIdToken is a security token that contains "Claims" * about the authentication of an End-User by an Authorization Server. * * @author Joe Grandja @@ -38,10 +38,10 @@ import java.util.Map; * @see ID Token * @see Standard Claims */ -public class IdToken extends AbstractOAuth2Token implements IdTokenClaimAccessor { +public class OidcIdToken extends AbstractOAuth2Token implements IdTokenClaimAccessor { private final Map claims; - public IdToken(String tokenValue, Instant issuedAt, Instant expiresAt, Map claims) { + public OidcIdToken(String tokenValue, Instant issuedAt, Instant expiresAt, Map claims) { super(tokenValue, issuedAt, expiresAt); Assert.notEmpty(claims, "claims cannot be empty"); this.claims = Collections.unmodifiableMap(new LinkedHashMap<>(claims)); diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcScope.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcScopes.java similarity index 81% rename from oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcScope.java rename to oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcScopes.java index 347e719a58..1134da5cf1 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcScope.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcScopes.java @@ -15,22 +15,22 @@ */ package org.springframework.security.oauth2.core.oidc; -import org.springframework.security.oauth2.core.AccessToken; +import org.springframework.security.oauth2.core.OAuth2AccessToken; /** * The scope values defined by the OpenID Connect Core 1.0 specification - * that can be used to request {@link StandardClaim Claims}. + * that can be used to request {@link StandardClaimNames Claims}. *

- * The scope(s) associated to an {@link AccessToken} determine what claims (resources) + * The scope(s) associated to an {@link OAuth2AccessToken} determine what claims (resources) * will be available when they are used to access OAuth 2.0 Protected Endpoints, * such as the UserInfo Endpoint. * * @author Joe Grandja * @since 5.0 - * @see StandardClaim + * @see StandardClaimNames * @see Requesting Claims using Scope Values */ -public interface OidcScope { +public interface OidcScopes { String OPENID = "openid"; diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/UserInfo.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcUserInfo.java similarity index 87% rename from oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/UserInfo.java rename to oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcUserInfo.java index c55753d634..75ee026275 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/UserInfo.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcUserInfo.java @@ -26,7 +26,7 @@ import java.util.Map; * from the OAuth 2.0 Protected Resource UserInfo Endpoint. * *

- * The UserInfo contains a set of "Standard Claims" about the authentication of an End-User. + * The OidcUserInfo contains a set of "Standard Claims" about the authentication of an End-User. * * @author Joe Grandja * @since 5.0 @@ -35,10 +35,10 @@ import java.util.Map; * @see UserInfo Endpoint * @see Standard Claims */ -public class UserInfo implements StandardClaimAccessor { +public class OidcUserInfo implements StandardClaimAccessor { private final Map claims; - public UserInfo(Map claims) { + public OidcUserInfo(Map claims) { Assert.notEmpty(claims, "claims cannot be empty"); this.claims = Collections.unmodifiableMap(new LinkedHashMap<>(claims)); } @@ -57,7 +57,7 @@ public class UserInfo implements StandardClaimAccessor { return false; } - UserInfo that = (UserInfo) obj; + OidcUserInfo that = (OidcUserInfo) obj; return this.getClaims().equals(that.getClaims()); } diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimAccessor.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimAccessor.java index d04344d523..a1f7055e57 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimAccessor.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimAccessor.java @@ -26,8 +26,8 @@ import java.util.Map; * either in the UserInfo Response or the ID Token. * * @see ClaimAccessor - * @see StandardClaim - * @see UserInfo + * @see StandardClaimNames + * @see OidcUserInfo * @see UserInfo Response * @see Standard Claims * @author Joe Grandja 
@@ -36,85 +36,85 @@ import java.util.Map; public interface StandardClaimAccessor extends ClaimAccessor { default String getSubject() { - return this.getClaimAsString(StandardClaim.SUB); + return this.getClaimAsString(StandardClaimNames.SUB); } default String getFullName() { - return this.getClaimAsString(StandardClaim.NAME); + return this.getClaimAsString(StandardClaimNames.NAME); } default String getGivenName() { - return this.getClaimAsString(StandardClaim.GIVEN_NAME); + return this.getClaimAsString(StandardClaimNames.GIVEN_NAME); } default String getFamilyName() { - return this.getClaimAsString(StandardClaim.FAMILY_NAME); + return this.getClaimAsString(StandardClaimNames.FAMILY_NAME); } default String getMiddleName() { - return this.getClaimAsString(StandardClaim.MIDDLE_NAME); + return this.getClaimAsString(StandardClaimNames.MIDDLE_NAME); } default String getNickName() { - return this.getClaimAsString(StandardClaim.NICKNAME); + return this.getClaimAsString(StandardClaimNames.NICKNAME); } default String getPreferredUsername() { - return this.getClaimAsString(StandardClaim.PREFERRED_USERNAME); + return this.getClaimAsString(StandardClaimNames.PREFERRED_USERNAME); } default String getProfile() { - return this.getClaimAsString(StandardClaim.PROFILE); + return this.getClaimAsString(StandardClaimNames.PROFILE); } default String getPicture() { - return this.getClaimAsString(StandardClaim.PICTURE); + return this.getClaimAsString(StandardClaimNames.PICTURE); } default String getWebsite() { - return this.getClaimAsString(StandardClaim.WEBSITE); + return this.getClaimAsString(StandardClaimNames.WEBSITE); } default String getEmail() { - return this.getClaimAsString(StandardClaim.EMAIL); + return this.getClaimAsString(StandardClaimNames.EMAIL); } default Boolean getEmailVerified() { - return this.getClaimAsBoolean(StandardClaim.EMAIL_VERIFIED); + return this.getClaimAsBoolean(StandardClaimNames.EMAIL_VERIFIED); } default String getGender() { - return 
this.getClaimAsString(StandardClaim.GENDER); + return this.getClaimAsString(StandardClaimNames.GENDER); } default String getBirthdate() { - return this.getClaimAsString(StandardClaim.BIRTHDATE); + return this.getClaimAsString(StandardClaimNames.BIRTHDATE); } default String getZoneInfo() { - return this.getClaimAsString(StandardClaim.ZONEINFO); + return this.getClaimAsString(StandardClaimNames.ZONEINFO); } default String getLocale() { - return this.getClaimAsString(StandardClaim.LOCALE); + return this.getClaimAsString(StandardClaimNames.LOCALE); } default String getPhoneNumber() { - return this.getClaimAsString(StandardClaim.PHONE_NUMBER); + return this.getClaimAsString(StandardClaimNames.PHONE_NUMBER); } default Boolean getPhoneNumberVerified() { - return this.getClaimAsBoolean(StandardClaim.PHONE_NUMBER_VERIFIED); + return this.getClaimAsBoolean(StandardClaimNames.PHONE_NUMBER_VERIFIED); } - default Address getAddress() { - Map addressFields = this.getClaimAsMap(StandardClaim.ADDRESS); + default AddressStandardClaim getAddress() { + Map addressFields = this.getClaimAsMap(StandardClaimNames.ADDRESS); return (!CollectionUtils.isEmpty(addressFields) ? - new DefaultAddress.Builder(addressFields).build() : - new DefaultAddress.Builder().build()); + new DefaultAddressStandardClaim.Builder(addressFields).build() : + new DefaultAddressStandardClaim.Builder().build()); } default Instant getUpdatedAt() { - return this.getClaimAsInstant(StandardClaim.UPDATED_AT); + return this.getClaimAsInstant(StandardClaimNames.UPDATED_AT); } } 
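Review bot: `getEmailVerified()` and `getPhoneNumberVerified()` return a boxed `Boolean` and have no Javadoc saying what a missing claim yields. The body of `getClaimAsBoolean` is not in this hunk, but if it returns null for an absent claim, a caller that unboxes the result fails with a NullPointerException, and callers need to know that null must be handled as "not verified". I would add to both accessors a comment such as `/** @return the claim value, or null when the provider did not send it; treat null as not verified */`. `getAddress()` behaves differently from the other getters, building an empty `DefaultAddressStandardClaim` when the claim is absent, which deserves a line of Javadoc too.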
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/StandardClaim.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimNames.java similarity index 92% rename from oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/StandardClaim.java rename to oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimNames.java index 2219b120d4..039da79770 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/StandardClaim.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimNames.java @@ -16,7 +16,7 @@ package org.springframework.security.oauth2.core.oidc; /** - * The "Standard Claims" defined by the OpenID Connect Core 1.0 specification + * The names of the "Standard Claims" defined by the OpenID Connect Core 1.0 specification * that can be returned either in the UserInfo Response or the ID Token. * * @author Joe Grandja @@ -25,7 +25,7 @@ package org.springframework.security.oauth2.core.oidc; * @see UserInfo Response * @see ID Token */ -public interface StandardClaim { +public interface StandardClaimNames { String SUB = "sub"; diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/endpoint/OidcParameter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/endpoint/OidcParameterNames.java similarity index 90% rename from oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/endpoint/OidcParameter.java rename to oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/endpoint/OidcParameterNames.java index 03fbdb3951..1d86f926a8 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/endpoint/OidcParameter.java 
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/endpoint/OidcParameterNames.java @@ -16,14 +16,14 @@ package org.springframework.security.oauth2.core.oidc.endpoint; /** - * Standard parameters defined in the OAuth Parameters Registry + * Standard parameter names defined in the OAuth Parameters Registry * and used by the authorization endpoint and token endpoint. * * @author Joe Grandja * @since 5.0 * @see 18.2 OAuth Parameters Registration */ -public interface OidcParameter { +public interface OidcParameterNames { String ID_TOKEN = "id_token"; diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUser.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUser.java index a1ac23a8b5..5880b4f1c5 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUser.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUser.java @@ -17,11 +17,10 @@ package org.springframework.security.oauth2.core.oidc.user; import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.oauth2.core.oidc.user.OidcUser; +import org.springframework.security.oauth2.core.oidc.OidcIdToken; +import org.springframework.security.oauth2.core.oidc.OidcUserInfo; import org.springframework.security.oauth2.core.user.DefaultOAuth2User; -import org.springframework.security.oauth2.core.oidc.IdToken; -import org.springframework.security.oauth2.core.oidc.IdTokenClaim; -import org.springframework.security.oauth2.core.oidc.UserInfo; +import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames; import java.util.Map; import java.util.Set; @@ -32,34 +31,34 @@ import java.util.Set; *

* The claim used for accessing the "name" of the * user Principal via {@link #getClaims()} - * is {@link IdTokenClaim#SUB}. + * is {@link IdTokenClaimNames#SUB}. * * @author Joe Grandja * @author Vedran Pavic * @since 5.0 * @see OidcUser * @see DefaultOAuth2User - * @see IdToken - * @see UserInfo + * @see OidcIdToken + * @see OidcUserInfo */ public class DefaultOidcUser extends DefaultOAuth2User implements OidcUser { - private final IdToken idToken; - private final UserInfo userInfo; + private final OidcIdToken idToken; + private final OidcUserInfo userInfo; - public DefaultOidcUser(Set authorities, IdToken idToken) { - this(authorities, idToken, IdTokenClaim.SUB); + public DefaultOidcUser(Set authorities, OidcIdToken idToken) { + this(authorities, idToken, IdTokenClaimNames.SUB); } - public DefaultOidcUser(Set authorities, IdToken idToken, String nameAttributeKey) { + public DefaultOidcUser(Set authorities, OidcIdToken idToken, String nameAttributeKey) { this(authorities, idToken, null, nameAttributeKey); } - public DefaultOidcUser(Set authorities, IdToken idToken, UserInfo userInfo) { - this(authorities, idToken, userInfo, IdTokenClaim.SUB); + public DefaultOidcUser(Set authorities, OidcIdToken idToken, OidcUserInfo userInfo) { + this(authorities, idToken, userInfo, IdTokenClaimNames.SUB); } - public DefaultOidcUser(Set authorities, IdToken idToken, UserInfo userInfo, - String nameAttributeKey) { + public DefaultOidcUser(Set authorities, OidcIdToken idToken, OidcUserInfo userInfo, + String nameAttributeKey) { super(authorities, OidcUser.collectClaims(idToken, userInfo), nameAttributeKey); this.idToken = idToken; this.userInfo = userInfo; @@ -70,11 +69,11 @@ public class DefaultOidcUser extends DefaultOAuth2User implements OidcUser { return this.getAttributes(); } - public IdToken getIdToken() { + public OidcIdToken getIdToken() { return this.idToken; } - public UserInfo getUserInfo() { + public OidcUserInfo getUserInfo() { return this.userInfo; } } 
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUser.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUser.java index ccdd7825f9..da9fb6830b 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUser.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUser.java @@ -17,11 +17,11 @@ package org.springframework.security.oauth2.core.oidc.user; import org.springframework.security.core.AuthenticatedPrincipal; import org.springframework.security.core.Authentication; +import org.springframework.security.oauth2.core.oidc.OidcUserInfo; import org.springframework.security.oauth2.core.user.OAuth2User; -import org.springframework.security.oauth2.core.oidc.IdToken; +import org.springframework.security.oauth2.core.oidc.OidcIdToken; import org.springframework.security.oauth2.core.oidc.IdTokenClaimAccessor; import org.springframework.security.oauth2.core.oidc.StandardClaimAccessor; -import org.springframework.security.oauth2.core.oidc.UserInfo; import org.springframework.util.Assert; import java.util.HashMap; @@ -33,7 +33,7 @@ import java.util.Map; * *

* An OidcUser contains "Claims" about the Authentication of the End-User. - * The claims are aggregated from the IdToken and optionally the UserInfo. + * The claims are aggregated from the OidcIdToken and optionally the OidcUserInfo. * *

* Implementation instances of this interface represent an {@link AuthenticatedPrincipal} @@ -44,8 +44,8 @@ import java.util.Map; * @since 5.0 * @see DefaultOidcUser * @see OAuth2User - * @see IdToken - * @see UserInfo + * @see OidcIdToken + * @see OidcUserInfo * @see IdTokenClaimAccessor * @see StandardClaimAccessor * @see ID Token @@ -55,7 +55,7 @@ public interface OidcUser extends OAuth2User, IdTokenClaimAccessor { Map getClaims(); - static Map collectClaims(IdToken idToken, UserInfo userInfo) { + static Map collectClaims(OidcIdToken idToken, OidcUserInfo userInfo) { Assert.notNull(idToken, "idToken cannot be null"); Map claims = new HashMap<>(); if (userInfo != null) { diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthority.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthority.java index 43ed050ffa..02aeb980ab 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthority.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthority.java @@ -16,10 +16,9 @@ package org.springframework.security.oauth2.core.oidc.user; import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.oauth2.core.oidc.user.OidcUser; +import org.springframework.security.oauth2.core.oidc.OidcUserInfo; import org.springframework.security.oauth2.core.user.OAuth2UserAuthority; -import org.springframework.security.oauth2.core.oidc.IdToken; -import org.springframework.security.oauth2.core.oidc.UserInfo; +import org.springframework.security.oauth2.core.oidc.OidcIdToken; /** * A {@link GrantedAuthority} that is associated with an {@link OidcUser}. 
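Review bot: `collectClaims(OidcIdToken, OidcUserInfo)` folds the UserInfo claims and the ID Token claims into one map, and neither the visible code nor the interface Javadoc says which source wins when both carry the same claim name. The merge continues past the end of this hunk, so the order cannot be confirmed from here; it matters because `DefaultOidcUser` passes this map to its superclass together with `nameAttributeKey` to resolve the principal name. I would state the precedence on the method, for example `/** On a name clash the ID Token claim replaces the UserInfo claim. */` (adjusted to the actual order). It is also worth confirming that the UserInfo `sub` is compared with the ID Token `sub` before the two sets are merged, since OpenID Connect Core requires them to match.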
@@ -29,28 +28,28 @@ import org.springframework.security.oauth2.core.oidc.UserInfo; * @see OidcUser */ public class OidcUserAuthority extends OAuth2UserAuthority { - private final IdToken idToken; - private final UserInfo userInfo; + private final OidcIdToken idToken; + private final OidcUserInfo userInfo; - public OidcUserAuthority(IdToken idToken) { + public OidcUserAuthority(OidcIdToken idToken) { this(idToken, null); } - public OidcUserAuthority(IdToken idToken, UserInfo userInfo) { + public OidcUserAuthority(OidcIdToken idToken, OidcUserInfo userInfo) { this("ROLE_USER", idToken, userInfo); } - public OidcUserAuthority(String authority, IdToken idToken, UserInfo userInfo) { + public OidcUserAuthority(String authority, OidcIdToken idToken, OidcUserInfo userInfo) { super(authority, OidcUser.collectClaims(idToken, userInfo)); this.idToken = idToken; this.userInfo = userInfo; } - public IdToken getIdToken() { + public OidcIdToken getIdToken() { return this.idToken; } - public UserInfo getUserInfo() { + public OidcUserInfo getUserInfo() { return this.userInfo; } diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TokenResponseTest.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseTests.java similarity index 81% rename from oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TokenResponseTest.java rename to oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseTests.java index ccc421d57b..13bd064676 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TokenResponseTest.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseTests.java 
@@ -16,16 +16,16 @@ package org.springframework.security.oauth2.core.endpoint; import org.junit.Test; -import org.springframework.security.oauth2.core.AccessToken; +import org.springframework.security.oauth2.core.OAuth2AccessToken; import java.util.Collections; /** - * Tests {@link TokenResponse} + * Tests {@link OAuth2AccessTokenResponse} * * @author Luander Ribeiro */ -public class TokenResponseTest { +public class OAuth2AccessTokenResponseTests { private static final String TOKEN = "token"; private static final long INVALID_EXPIRES_IN = -1L; @@ -33,27 +33,27 @@ public class TokenResponseTest { @Test(expected = IllegalArgumentException.class) public void buildWhenTokenValueIsNullThenThrowIllegalArgumentException() { - TokenResponse.withToken(null) + OAuth2AccessTokenResponse.withToken(null) .expiresIn(EXPIRES_IN) .additionalParameters(Collections.emptyMap()) .scopes(Collections.emptySet()) - .tokenType(AccessToken.TokenType.BEARER) + .tokenType(OAuth2AccessToken.TokenType.BEARER) .build(); } @Test(expected = IllegalArgumentException.class) public void buildWhenExpiresInIsNegativeThenThrowIllegalArgumentException() { - TokenResponse.withToken(TOKEN) + OAuth2AccessTokenResponse.withToken(TOKEN) .expiresIn(INVALID_EXPIRES_IN) .additionalParameters(Collections.emptyMap()) .scopes(Collections.emptySet()) - .tokenType(AccessToken.TokenType.BEARER) + .tokenType(OAuth2AccessToken.TokenType.BEARER) .build(); } @Test(expected = IllegalArgumentException.class) public void buildWhenTokenTypeIsInvalidThenThrowIllegalArgumentException() { - TokenResponse.withToken(TOKEN) + OAuth2AccessTokenResponse.withToken(TOKEN) .expiresIn(EXPIRES_IN) .additionalParameters(Collections.emptyMap()) .tokenType(null) 
@@ -62,7 +62,7 @@ public class TokenResponseTest { @Test(expected = IllegalArgumentException.class) public void buildWhenTokenTypeNotSetThenThrowIllegalArgumentException() { - TokenResponse.withToken(TOKEN) + OAuth2AccessTokenResponse.withToken(TOKEN) .expiresIn(EXPIRES_IN) .additionalParameters(Collections.emptyMap()) .build(); diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/AuthorizationRequestTest.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java similarity index 80% rename from oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/AuthorizationRequestTest.java rename to oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java index ffca67d9c2..45bdff1d3e 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/AuthorizationRequestTest.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java @@ -24,11 +24,11 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatCode; /** - * Tests {@link AuthorizationRequest} + * Tests {@link OAuth2AuthorizationRequest} * * @author Luander Ribeiro */ -public class AuthorizationRequestTest { +public class OAuth2AuthorizationRequestTests { private static final String AUTHORIZE_URI = "http://authorize.uri/"; private static final String CLIENT_ID = "client id"; private static final String REDIRECT_URI = "http://redirect.uri/"; 
@@ -37,7 +37,7 @@ public class AuthorizationRequestTest { @Test(expected = IllegalArgumentException.class) public void buildWhenAuthorizationUriIsNullThenThrowIllegalArgumentException() { - AuthorizationRequest.authorizationCode() + OAuth2AuthorizationRequest.authorizationCode() .authorizationUri(null) .clientId(CLIENT_ID) .redirectUri(REDIRECT_URI) @@ -48,7 +48,7 @@ public class AuthorizationRequestTest { @Test(expected = IllegalArgumentException.class) public void buildWhenAuthorizeUriNotSetThenThrowIllegalArgumentException() { - AuthorizationRequest.authorizationCode() + OAuth2AuthorizationRequest.authorizationCode() .clientId(CLIENT_ID) .redirectUri(REDIRECT_URI) .scopes(SCOPE) @@ -58,7 +58,7 @@ public class AuthorizationRequestTest { @Test(expected = IllegalArgumentException.class) public void buildWhenClientIdIsNullThenThrowIllegalArgumentException() { - AuthorizationRequest.authorizationCode() + OAuth2AuthorizationRequest.authorizationCode() .authorizationUri(AUTHORIZE_URI) .clientId(null) .redirectUri(REDIRECT_URI) @@ -69,7 +69,7 @@ public class AuthorizationRequestTest { @Test(expected = IllegalArgumentException.class) public void buildWhenClientIdNotSetThenThrowIllegalArgumentException() { - AuthorizationRequest.authorizationCode() + OAuth2AuthorizationRequest.authorizationCode() .authorizationUri(AUTHORIZE_URI) .redirectUri(REDIRECT_URI) .scopes(SCOPE) @@ -79,8 +79,8 @@ public class AuthorizationRequestTest { @Test public void buildWhenGetResponseTypeIsCalledThenReturnCode() { - AuthorizationRequest authorizationRequest; - authorizationRequest = AuthorizationRequest.authorizationCode() + OAuth2AuthorizationRequest authorizationRequest; + authorizationRequest = OAuth2AuthorizationRequest.authorizationCode() .authorizationUri(AUTHORIZE_URI) .clientId(CLIENT_ID) .redirectUri(REDIRECT_URI) 
@@ -88,12 +88,12 @@ public class AuthorizationRequestTest { .state(STATE) .build(); - assertThat(authorizationRequest.getResponseType()).isEqualTo(ResponseType.CODE); + assertThat(authorizationRequest.getResponseType()).isEqualTo(OAuth2AuthorizationResponseType.CODE); } @Test public void buildWhenRedirectUriIsNullThenDoesNotThrowAnyException() { - assertThatCode(() -> AuthorizationRequest.authorizationCode() + assertThatCode(() -> OAuth2AuthorizationRequest.authorizationCode() .authorizationUri(AUTHORIZE_URI) .clientId(CLIENT_ID) .redirectUri(null) @@ -104,7 +104,7 @@ public class AuthorizationRequestTest { @Test public void buildWhenRedirectUriNotSetThenDoesNotThrowAnyException() { - assertThatCode(() -> AuthorizationRequest.authorizationCode() + assertThatCode(() -> OAuth2AuthorizationRequest.authorizationCode() .authorizationUri(AUTHORIZE_URI) .clientId(CLIENT_ID) .scopes(SCOPE) @@ -114,7 +114,7 @@ public class AuthorizationRequestTest { @Test public void buildWhenScopesIsNullThenDoesNotThrowAnyException() { - assertThatCode(() -> AuthorizationRequest.authorizationCode() + assertThatCode(() -> OAuth2AuthorizationRequest.authorizationCode() .authorizationUri(AUTHORIZE_URI) .clientId(CLIENT_ID) .redirectUri(REDIRECT_URI) @@ -125,7 +125,7 @@ public class AuthorizationRequestTest { @Test public void buildWhenScopesNotSetThenDoesNotThrowAnyException() { - assertThatCode(() -> AuthorizationRequest.authorizationCode() + assertThatCode(() -> OAuth2AuthorizationRequest.authorizationCode() .authorizationUri(AUTHORIZE_URI) .clientId(CLIENT_ID) .redirectUri(REDIRECT_URI) @@ -135,7 +135,7 @@ public class AuthorizationRequestTest { @Test public void buildWhenStateIsNullThenDoesNotThrowAnyException() { - assertThatCode(() -> AuthorizationRequest.authorizationCode() + assertThatCode(() -> OAuth2AuthorizationRequest.authorizationCode() .authorizationUri(AUTHORIZE_URI) .clientId(CLIENT_ID) .redirectUri(REDIRECT_URI) 
@@ -146,7 +146,7 @@ public class AuthorizationRequestTest { @Test public void buildWhenStateNotSetThenDoesNotThrowAnyException() { - assertThatCode(() -> AuthorizationRequest.authorizationCode() + assertThatCode(() -> OAuth2AuthorizationRequest.authorizationCode() .authorizationUri(AUTHORIZE_URI) .clientId(CLIENT_ID) .redirectUri(REDIRECT_URI) diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUserTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUserTests.java index 63eefe20fb..fc824e9291 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUserTests.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUserTests.java @@ -27,10 +27,10 @@ import org.junit.Test; import org.junit.rules.ExpectedException; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; -import org.springframework.security.oauth2.core.oidc.IdToken; -import org.springframework.security.oauth2.core.oidc.IdTokenClaim; -import org.springframework.security.oauth2.core.oidc.StandardClaim; -import org.springframework.security.oauth2.core.oidc.UserInfo; +import org.springframework.security.oauth2.core.oidc.OidcIdToken; +import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames; +import org.springframework.security.oauth2.core.oidc.OidcUserInfo; +import org.springframework.security.oauth2.core.oidc.StandardClaimNames; import static org.assertj.core.api.Assertions.assertThat; 
@@ -52,13 +52,13 @@ public class DefaultOidcUserTests { private static final Map TEST_ID_TOKEN_CLAIMS = new HashMap<>(); static { - TEST_ID_TOKEN_CLAIMS.put(IdTokenClaim.ISS, "https://example.com"); - TEST_ID_TOKEN_CLAIMS.put(IdTokenClaim.SUB, TEST_SUBJECT); + TEST_ID_TOKEN_CLAIMS.put(IdTokenClaimNames.ISS, "https://example.com"); + TEST_ID_TOKEN_CLAIMS.put(IdTokenClaimNames.SUB, TEST_SUBJECT); } - private static final IdToken TEST_ID_TOKEN = new IdToken("value", Instant.EPOCH, Instant.MAX, TEST_ID_TOKEN_CLAIMS); + private static final OidcIdToken TEST_ID_TOKEN = new OidcIdToken("value", Instant.EPOCH, Instant.MAX, TEST_ID_TOKEN_CLAIMS); - private static final UserInfo TEST_USER_INFO = new UserInfo(Collections.singletonMap(StandardClaim.EMAIL, TEST_EMAIL)); + private static final OidcUserInfo TEST_USER_INFO = new OidcUserInfo(Collections.singletonMap(StandardClaimNames.EMAIL, TEST_EMAIL)); @Rule public ExpectedException thrown = ExpectedException.none(); 
@@ -70,17 +70,17 @@ public class DefaultOidcUserTests { assertThat(user.getName()).isEqualTo(TEST_SUBJECT); assertThat(user.getAuthorities()).hasSize(1); assertThat(user.getAuthorities().iterator().next()).isEqualTo(TEST_AUTHORITY); - assertThat(user.getAttributes()).containsOnlyKeys(IdTokenClaim.ISS, IdTokenClaim.SUB); + assertThat(user.getAttributes()).containsOnlyKeys(IdTokenClaimNames.ISS, IdTokenClaimNames.SUB); } @Test public void constructorWhenAuthoritiesAndIdTokenAndNameAttributeKeyThenIsCreated() { - DefaultOidcUser user = new DefaultOidcUser(TEST_AUTHORITIES, TEST_ID_TOKEN, IdTokenClaim.SUB); + DefaultOidcUser user = new DefaultOidcUser(TEST_AUTHORITIES, TEST_ID_TOKEN, IdTokenClaimNames.SUB); assertThat(user.getName()).isEqualTo(TEST_SUBJECT); assertThat(user.getAuthorities()).hasSize(1); assertThat(user.getAuthorities().iterator().next()).isEqualTo(TEST_AUTHORITY); - assertThat(user.getAttributes()).containsOnlyKeys(IdTokenClaim.ISS, IdTokenClaim.SUB); + assertThat(user.getAttributes()).containsOnlyKeys(IdTokenClaimNames.ISS, IdTokenClaimNames.SUB); } @Test 
@@ -90,17 +90,17 @@ public class DefaultOidcUserTests { assertThat(user.getName()).isEqualTo(TEST_SUBJECT); assertThat(user.getAuthorities()).hasSize(1); assertThat(user.getAuthorities().iterator().next()).isEqualTo(TEST_AUTHORITY); - assertThat(user.getAttributes()).containsOnlyKeys(IdTokenClaim.ISS, IdTokenClaim.SUB, StandardClaim.EMAIL); + assertThat(user.getAttributes()).containsOnlyKeys(IdTokenClaimNames.ISS, IdTokenClaimNames.SUB, StandardClaimNames.EMAIL); } @Test public void constructorWhenAuthoritiesAndIdTokenAndUserInfoAndNameAttributeKeyThenIsCreated() { - DefaultOidcUser user = new DefaultOidcUser(TEST_AUTHORITIES, TEST_ID_TOKEN, TEST_USER_INFO, StandardClaim.EMAIL); + DefaultOidcUser user = new DefaultOidcUser(TEST_AUTHORITIES, TEST_ID_TOKEN, TEST_USER_INFO, StandardClaimNames.EMAIL); assertThat(user.getName()).isEqualTo(TEST_EMAIL); assertThat(user.getAuthorities()).hasSize(1); assertThat(user.getAuthorities().iterator().next()).isEqualTo(TEST_AUTHORITY); - assertThat(user.getAttributes()).containsOnlyKeys(IdTokenClaim.ISS, IdTokenClaim.SUB, StandardClaim.EMAIL); + assertThat(user.getAttributes()).containsOnlyKeys(IdTokenClaimNames.ISS, IdTokenClaimNames.SUB, StandardClaimNames.EMAIL); } @Test @@ -114,9 +114,9 @@ public class DefaultOidcUserTests { @Test public void constructorWhenNameAttributeKeyClaimIsNotPresentThenThrowsException() { this.thrown.expect(IllegalArgumentException.class); - this.thrown.expectMessage("Missing attribute '" + StandardClaim.NAME + "' in attributes"); + this.thrown.expectMessage("Missing attribute '" + StandardClaimNames.NAME + "' in attributes"); - new DefaultOidcUser(TEST_AUTHORITIES, TEST_ID_TOKEN, TEST_USER_INFO, StandardClaim.NAME); + new DefaultOidcUser(TEST_AUTHORITIES, TEST_ID_TOKEN, TEST_USER_INFO, StandardClaimNames.NAME); } } 
diff --git a/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java b/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java index e7d549bff7..4ed2b50eba 100644 --- a/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java +++ b/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java @@ -43,10 +43,10 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter; import org.springframework.security.oauth2.client.web.AuthorizationRequestRedirectFilter; -import org.springframework.security.oauth2.core.AccessToken; -import org.springframework.security.oauth2.core.endpoint.OAuth2Parameter; -import org.springframework.security.oauth2.core.endpoint.ResponseType; -import org.springframework.security.oauth2.core.endpoint.TokenResponse; +import org.springframework.security.oauth2.core.OAuth2AccessToken; +import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames; +import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType; +import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse; import org.springframework.security.oauth2.core.user.DefaultOAuth2User; import org.springframework.security.oauth2.core.user.OAuth2UserAuthority; import org.springframework.test.context.junit4.SpringRunner; 
@@ -136,13 +136,13 @@ public class OAuth2LoginApplicationTests { Map params = uriComponents.getQueryParams().toSingleValueMap(); - assertThat(params.get(OAuth2Parameter.RESPONSE_TYPE)).isEqualTo(ResponseType.CODE.getValue()); - assertThat(params.get(OAuth2Parameter.CLIENT_ID)).isEqualTo(this.githubClientRegistration.getClientId()); + assertThat(params.get(OAuth2ParameterNames.RESPONSE_TYPE)).isEqualTo(OAuth2AuthorizationResponseType.CODE.getValue()); + assertThat(params.get(OAuth2ParameterNames.CLIENT_ID)).isEqualTo(this.githubClientRegistration.getClientId()); String redirectUri = AUTHORIZE_BASE_URL + "/" + this.githubClientRegistration.getRegistrationId(); - assertThat(URLDecoder.decode(params.get(OAuth2Parameter.REDIRECT_URI), "UTF-8")).isEqualTo(redirectUri); - assertThat(URLDecoder.decode(params.get(OAuth2Parameter.SCOPE), "UTF-8")) + assertThat(URLDecoder.decode(params.get(OAuth2ParameterNames.REDIRECT_URI), "UTF-8")).isEqualTo(redirectUri); + assertThat(URLDecoder.decode(params.get(OAuth2ParameterNames.SCOPE), "UTF-8")) .isEqualTo(this.githubClientRegistration.getScopes().stream().collect(Collectors.joining(" "))); - assertThat(params.get(OAuth2Parameter.STATE)).isNotNull(); + assertThat(params.get(OAuth2ParameterNames.STATE)).isNotNull(); } @Test 
@@ -177,13 +177,13 @@ public class OAuth2LoginApplicationTests { Map params = authorizeRequestUriComponents.getQueryParams().toSingleValueMap(); String code = "auth-code"; - String state = URLDecoder.decode(params.get(OAuth2Parameter.STATE), "UTF-8"); - String redirectUri = URLDecoder.decode(params.get(OAuth2Parameter.REDIRECT_URI), "UTF-8"); + String state = URLDecoder.decode(params.get(OAuth2ParameterNames.STATE), "UTF-8"); + String redirectUri = URLDecoder.decode(params.get(OAuth2ParameterNames.REDIRECT_URI), "UTF-8"); String authorizationResponseUri = UriComponentsBuilder.fromHttpUrl(redirectUri) - .queryParam(OAuth2Parameter.CODE, code) - .queryParam(OAuth2Parameter.STATE, state) + .queryParam(OAuth2ParameterNames.CODE, code) + .queryParam(OAuth2ParameterNames.STATE, state) .build().encode().toUriString(); page = this.webClient.getPage(new URL(authorizationResponseUri)); @@ -202,8 +202,8 @@ public class OAuth2LoginApplicationTests { String authorizationResponseUri = UriComponentsBuilder.fromHttpUrl(redirectUri) - .queryParam(OAuth2Parameter.CODE, code) - .queryParam(OAuth2Parameter.STATE, state) + .queryParam(OAuth2ParameterNames.CODE, code) + .queryParam(OAuth2ParameterNames.STATE, state) .build().encode().toUriString(); // Clear session cookie will ensure the 'session-saved' @@ -234,8 +234,8 @@ public class OAuth2LoginApplicationTests { String authorizationResponseUri = UriComponentsBuilder.fromHttpUrl(redirectUri) - .queryParam(OAuth2Parameter.CODE, code) - .queryParam(OAuth2Parameter.STATE, state) + .queryParam(OAuth2ParameterNames.CODE, code) + .queryParam(OAuth2ParameterNames.STATE, state) .build().encode().toUriString(); page = this.webClient.getPage(new URL(authorizationResponseUri)); 
@@ -262,14 +262,14 @@ public class OAuth2LoginApplicationTests { Map params = authorizeRequestUriComponents.getQueryParams().toSingleValueMap(); String code = "auth-code"; - String state = URLDecoder.decode(params.get(OAuth2Parameter.STATE), "UTF-8"); - String redirectUri = URLDecoder.decode(params.get(OAuth2Parameter.REDIRECT_URI), "UTF-8"); + String state = URLDecoder.decode(params.get(OAuth2ParameterNames.STATE), "UTF-8"); + String redirectUri = URLDecoder.decode(params.get(OAuth2ParameterNames.REDIRECT_URI), "UTF-8"); redirectUri += "-invalid"; String authorizationResponseUri = UriComponentsBuilder.fromHttpUrl(redirectUri) - .queryParam(OAuth2Parameter.CODE, code) - .queryParam(OAuth2Parameter.STATE, state) + .queryParam(OAuth2ParameterNames.CODE, code) + .queryParam(OAuth2ParameterNames.STATE, state) .build().encode().toUriString(); page = this.webClient.getPage(new URL(authorizationResponseUri)); @@ -355,13 +355,13 @@ public class OAuth2LoginApplicationTests { // @formatter:on private AuthorizationGrantTokenExchanger mockAuthorizationCodeTokenExchanger() { - TokenResponse tokenResponse = TokenResponse.withToken("access-token-1234") - .tokenType(AccessToken.TokenType.BEARER) + OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234") + .tokenType(OAuth2AccessToken.TokenType.BEARER) .expiresIn(60 * 1000) .build(); AuthorizationGrantTokenExchanger mock = mock(AuthorizationGrantTokenExchanger.class); - when(mock.exchange(any())).thenReturn(tokenResponse); + when(mock.exchange(any())).thenReturn(accessTokenResponse); return mock; }
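Review bot: In `mockAuthorizationCodeTokenExchanger()` the mock response is built with `.expiresIn(60 * 1000)`, which reads like a value in milliseconds. OAuth 2.0 defines `expires_in` in seconds, so if the builder uses that unit the mock token is valid for roughly 16.7 hours rather than one minute. If one minute is what the test intends, `.expiresIn(60)` states it directly; otherwise a short comment such as `// expires_in is in seconds` on that line removes the doubt.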