Warn when AuthorizationGrantType does not match

Log a warning when AuthorizationGrantType does not exactly match a pre-defined constant. Closes gh-11905
2025-05-31 17:22:13 +00:00 · 2022-10-26 21:31:06 +08:00 · 2022-10-26 21:31:06 +08:00 · 52888d6206
commit 52888d6206
parent a61fffc209
1 changed files with 25 additions and 1 deletions
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -24,9 +24,14 @@ import java.util.HashMap;
 import java.util.HashSet;
 import java.util.LinkedHashMap;
 import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.core.log.LogMessage;
 import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.security.oauth2.core.AuthenticationMethod;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
@ -39,6 +44,7 @@ import org.springframework.util.StringUtils;
 * Provider.
 *
 * @author Joe Grandja
 * @author Michael Sosa
 * @since 5.0
 * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-2">Section 2
 * Client Registration</a>
@ -333,6 +339,12 @@ public final class ClientRegistration implements Serializable {
 		private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 		private static final Log logger = LogFactory.getLog(Builder.class);
 		private static final List<AuthorizationGrantType> AUTHORIZATION_GRANT_TYPES = Arrays.asList(
 				AuthorizationGrantType.AUTHORIZATION_CODE, AuthorizationGrantType.CLIENT_CREDENTIALS,
 				AuthorizationGrantType.REFRESH_TOKEN, AuthorizationGrantType.IMPLICIT, AuthorizationGrantType.PASSWORD);
 		private String registrationId;
 		private String clientId;
@ -622,6 +634,7 @@ public final class ClientRegistration implements Serializable {
 			else if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(this.authorizationGrantType)) {
 				this.validateAuthorizationCodeGrantType();
 			}
 			this.validateAuthorizationGrantTypes();
 			this.validateScopes();
 			return this.create();
 		}
@ -698,6 +711,17 @@ public final class ClientRegistration implements Serializable {
 			Assert.hasText(this.tokenUri, "tokenUri cannot be empty");
 		}
 		private void validateAuthorizationGrantTypes() {
 			for (AuthorizationGrantType authorizationGrantType : AUTHORIZATION_GRANT_TYPES) {
 				if (authorizationGrantType.getValue().equalsIgnoreCase(this.authorizationGrantType.getValue())
 						&& !authorizationGrantType.equals(this.authorizationGrantType)) {
 					logger.warn(LogMessage.format(
 							"AuthorizationGrantType: %s does not match the pre-defined constant %s and won't match a valid OAuth2AuthorizedClientProvider",
 							this.authorizationGrantType, authorizationGrantType));
 				}
 			}
 		}
 		private void validateScopes() {
 			if (this.scopes == null) {
 				return;