Fixed validation in ClientRegistration.Builder

ClientRegistration.Builder defaulted to validating as an authorization_code registration, though a custom grant type could be in use. The actual grant_type is now verified for every case. - Fixed validation in ClientRegistration.Builder - New test that fails unless the issue is fixed. Also made OAuth2AuthorizationGrantRequestEntityUtils public to help implementing custom token response clients. Fixes gh-7040
2019-06-27 23:19:55 +02:00 · 2019-06-27 23:19:55 +02:00 · 3c1472501f
parent e1f155ba89
commit 3c1472501f
2 changed files with 24 additions and 1 deletions
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
@ -486,7 +486,7 @@ public final class ClientRegistration implements Serializable {
 				this.validateClientCredentialsGrantType();
 			} else if (AuthorizationGrantType.IMPLICIT.equals(this.authorizationGrantType)) {
 				this.validateImplicitGrantType();
-			} else {
+			} else if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(this.authorizationGrantType)) {
 				this.validateAuthorizationCodeGrantType();
 			}
 			this.validateScopes();
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java
@ -589,4 +589,27 @@ public class ClientRegistrationTests {
 						.build()
 		).isInstanceOf(IllegalArgumentException.class);
 	}
+
+	@Test
+	public void buildWhenCustomGrantAllAttributesProvidedThenAllAttributesAreSet() {
+		AuthorizationGrantType customGrantType = new AuthorizationGrantType("CUSTOM");
+		ClientRegistration registration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
+				.clientId(CLIENT_ID)
+				.clientSecret(CLIENT_SECRET)
+				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(customGrantType)
+				.scope(SCOPES.toArray(new String[0]))
+				.tokenUri(TOKEN_URI)
+				.clientName(CLIENT_NAME)
+				.build();
+
+		assertThat(registration.getRegistrationId()).isEqualTo(REGISTRATION_ID);
+		assertThat(registration.getClientId()).isEqualTo(CLIENT_ID);
+		assertThat(registration.getClientSecret()).isEqualTo(CLIENT_SECRET);
+		assertThat(registration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
+		assertThat(registration.getAuthorizationGrantType()).isEqualTo(customGrantType);
+		assertThat(registration.getScopes()).isEqualTo(SCOPES);
+		assertThat(registration.getProviderDetails().getTokenUri()).isEqualTo(TOKEN_URI);
+		assertThat(registration.getClientName()).isEqualTo(CLIENT_NAME);
+	}
 }