From 52888d6206fbefc6a4b3b81a0da26dc3d22699b0 Mon Sep 17 00:00:00 2001
From: Michael Sosa
Date: Wed, 26 Oct 2022 21:31:06 +0800
Subject: [PATCH] Warn when AuthorizationGrantType does not match

Log a warning when AuthorizationGrantType does not exactly match a pre-defined constant.

Closes gh-11905
---
 .../registration/ClientRegistration.java | 26 ++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
index f2e653a481..482d1986c0 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -24,9 +24,14 @@ import java.util.HashMap;
 import java.util.HashSet;
 import java.util.LinkedHashMap;
 import java.util.LinkedHashSet;
+import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.security.oauth2.core.AuthenticationMethod;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
@@ -39,6 +44,7 @@ import org.springframework.util.StringUtils;
  * Provider.
  *
  * @author Joe Grandja
+ * @author Michael Sosa
  * @since 5.0
  * @see Section 2
  * Client Registration
@@ -333,6 +339,12 @@ public final class ClientRegistration implements Serializable {
 
  private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
+ private static final Log logger = LogFactory.getLog(Builder.class);
+
+ private static final List AUTHORIZATION_GRANT_TYPES = Arrays.asList(
+ AuthorizationGrantType.AUTHORIZATION_CODE, AuthorizationGrantType.CLIENT_CREDENTIALS,
+ AuthorizationGrantType.REFRESH_TOKEN, AuthorizationGrantType.IMPLICIT, AuthorizationGrantType.PASSWORD);
+
  private String registrationId;
 
  private String clientId;
@@ -622,6 +634,7 @@ public final class ClientRegistration implements Serializable {
  else if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(this.authorizationGrantType)) {
  this.validateAuthorizationCodeGrantType();
  }
+ this.validateAuthorizationGrantTypes();
  this.validateScopes();
  return this.create();
  }
@@ -698,6 +711,17 @@ public final class ClientRegistration implements Serializable {
  Assert.hasText(this.tokenUri, "tokenUri cannot be empty");
  }
 
+ private void validateAuthorizationGrantTypes() {
+ for (AuthorizationGrantType authorizationGrantType : AUTHORIZATION_GRANT_TYPES) {
+ if (authorizationGrantType.getValue().equalsIgnoreCase(this.authorizationGrantType.getValue())
+ && !authorizationGrantType.equals(this.authorizationGrantType)) {
+ logger.warn(LogMessage.format(
+ "AuthorizationGrantType: %s does not match the pre-defined constant %s and won't match a valid OAuth2AuthorizedClientProvider",
+ this.authorizationGrantType, authorizationGrantType));
+ }
+ }
+ }
+
  private void validateScopes() {
  if (this.scopes == null) {
  return;
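Review bot: AUTHORIZATION_GRANT_TYPES in the Builder lists five grant types by hand, so a pre-defined constant that is missing from the list gets no case-mismatch warning; if the targeted release of AuthorizationGrantType also defines `JWT_BEARER`, it should be added to the `Arrays.asList(...)` call. The element type is not visible on this page (the field reads as a raw `List`); if the source really reads that way, declare it `List<AuthorizationGrantType>`. A one-line comment such as `// pre-defined grant types checked for case-only mismatches in build()` would make it harder for the list to drift unnoticed when new constants are introduced.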
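Review bot: The new call in build() only logs, so a grant type that differs from a constant in case alone still yields a ClientRegistration, and it does so without the grant-specific checks: the `AUTHORIZATION_CODE.equals(...)` branch just above does not match such a value, so `validateAuthorizationCodeGrantType()` is skipped for it. If warn-and-continue is the intended behaviour, state it next to the call, e.g. `// warning only: a case-mismatched grant type has skipped the grant-specific validation above`. The if/else chain begins outside this hunk, so the other branches are inferred from the one visible here.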
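Review bot: The warning in validateAuthorizationGrantTypes() passes the AuthorizationGrantType objects themselves to `LogMessage.format`, while the comparison two lines above uses `getValue()`; unless the class overrides toString(), which this page does not show, the log line will not contain the configured string an operator needs to find the misconfiguration. Passing the values keeps the message actionable: `this.authorizationGrantType.getValue(), authorizationGrantType.getValue()));`. The method dereferences `this.authorizationGrantType` without a null check and so presumably relies on an assertion earlier in build(), outside the hunks shown. A short Javadoc saying that the method never rejects a registration and only warns on a case-only mismatch would document that contract.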