Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove AuthorizedClient.getAuthorizedScopes() 

Fixes gh-4696
This commit is contained in:
Joe Grandja 2017-10-25 14:06:34 -04:00
parent 5a584e5ccb
commit 5237c6e01b
3 changed files with 14 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizedClient.java
View File

@ -18,9 +18,6 @@ package org.springframework.security.oauth2.client.authentication;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.core.AccessToken;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;
import java.util.Set;
/**
* A representation of an OAuth 2.0 <i>&quot;Authorized Client&quot;</i>.
@ -63,14 +60,4 @@ public class AuthorizedClient {
public AccessToken getAccessToken() {
return this.accessToken;
}
public final Set<String> getAuthorizedScopes() {
// As per spec, in section 5.1 Successful Access Token Response
// https://tools.ietf.org/html/rfc6749#section-5.1
// If AccessToken.scopes is empty, then default to the scopes
// originally requested by the client in the Authorization Request
return (CollectionUtils.isEmpty(this.getAccessToken().getScopes()) ?
this.getClientRegistration().getScopes() :
this.getAccessToken().getScopes());
}
}

17
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/NimbusAuthorizationCodeTokenExchanger.java
View File

@ -41,7 +41,6 @@ import org.springframework.util.CollectionUtils;
import java.io.IOException;
import java.net.URI;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.Map;
@ -122,10 +121,20 @@ public class NimbusAuthorizationCodeTokenExchanger implements AuthorizationGrant
accessTokenType = AccessToken.TokenType.BEARER;
}
long expiresIn = accessTokenResponse.getTokens().getAccessToken().getLifetime();
Set<String> scopes = Collections.emptySet();
if (!CollectionUtils.isEmpty(accessTokenResponse.getTokens().getAccessToken().getScope())) {
scopes = new LinkedHashSet<>(accessTokenResponse.getTokens().getAccessToken().getScope().toStringList());
// As per spec, in section 5.1 Successful Access Token Response
// https://tools.ietf.org/html/rfc6749#section-5.1
// If AccessTokenResponse.scope is empty, then default to the scope
// originally requested by the client in the Authorization Request
Set<String> scopes;
if (CollectionUtils.isEmpty(accessTokenResponse.getTokens().getAccessToken().getScope())) {
scopes = new LinkedHashSet<>(
authorizationCodeAuthentication.getAuthorizationExchange().getAuthorizationRequest().getScopes());
} else {
scopes = new LinkedHashSet<>(
accessTokenResponse.getTokens().getAccessToken().getScope().toStringList());
}
Map<String, Object> additionalParameters = new LinkedHashMap<>(accessTokenResponse.getCustomParameters());
return TokenResponse.withToken(accessToken)

2
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/oidc/client/authentication/userinfo/OidcUserService.java
View File

@ -110,7 +110,7 @@ public class OidcUserService implements OAuth2UserService {
oidcAuthorizedClient.getClientRegistration().getAuthorizationGrantType())) {
// Return true if there is at least one match between the authorized scope(s) and UserInfo scope(s)
return oidcAuthorizedClient.getAuthorizedScopes().stream().anyMatch(userInfoScopes::contains);
return oidcAuthorizedClient.getAccessToken().getScopes().stream().anyMatch(userInfoScopes::contains);
}
return false;