parent
5dbfa57c19
commit
75004587a4
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2018 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -27,7 +27,6 @@ import org.springframework.security.oauth2.core.OAuth2Error;
|
||||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
|
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
|
||||||
import org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter;
|
import org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter;
|
||||||
import org.springframework.util.Assert;
|
import org.springframework.util.Assert;
|
||||||
import org.springframework.util.CollectionUtils;
|
|
||||||
import org.springframework.web.client.ResponseErrorHandler;
|
import org.springframework.web.client.ResponseErrorHandler;
|
||||||
import org.springframework.web.client.RestClientException;
|
import org.springframework.web.client.RestClientException;
|
||||||
import org.springframework.web.client.RestOperations;
|
import org.springframework.web.client.RestOperations;
|
||||||
|
@ -78,20 +77,12 @@ public final class DefaultAuthorizationCodeTokenResponseClient implements OAuth2
|
||||||
"An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: " + ex.getMessage(), null);
|
"An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: " + ex.getMessage(), null);
|
||||||
throw new OAuth2AuthorizationException(oauth2Error, ex);
|
throw new OAuth2AuthorizationException(oauth2Error, ex);
|
||||||
}
|
}
|
||||||
|
// As per spec, in Section 5.1 Successful Access Token Response
|
||||||
OAuth2AccessTokenResponse tokenResponse = response.getBody();
|
// https://tools.ietf.org/html/rfc6749#section-5.1
|
||||||
|
// If AccessTokenResponse.scope is empty, then we assume all requested scopes were
|
||||||
if (CollectionUtils.isEmpty(tokenResponse.getAccessToken().getScopes())) {
|
// granted.
|
||||||
// As per spec, in Section 5.1 Successful Access Token Response
|
// However, we use the explicit scopes returned in the response (if any).
|
||||||
// https://tools.ietf.org/html/rfc6749#section-5.1
|
return response.getBody();
|
||||||
// If AccessTokenResponse.scope is empty, then default to the scope
|
|
||||||
// originally requested by the client in the Token Request
|
|
||||||
tokenResponse = OAuth2AccessTokenResponse.withResponse(tokenResponse)
|
|
||||||
.scopes(authorizationCodeGrantRequest.getClientRegistration().getScopes())
|
|
||||||
.build();
|
|
||||||
}
|
|
||||||
|
|
||||||
return tokenResponse;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2018 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -27,7 +27,6 @@ import org.springframework.security.oauth2.core.OAuth2Error;
|
||||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
|
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
|
||||||
import org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter;
|
import org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter;
|
||||||
import org.springframework.util.Assert;
|
import org.springframework.util.Assert;
|
||||||
import org.springframework.util.CollectionUtils;
|
|
||||||
import org.springframework.web.client.ResponseErrorHandler;
|
import org.springframework.web.client.ResponseErrorHandler;
|
||||||
import org.springframework.web.client.RestClientException;
|
import org.springframework.web.client.RestClientException;
|
||||||
import org.springframework.web.client.RestOperations;
|
import org.springframework.web.client.RestOperations;
|
||||||
|
@ -78,20 +77,12 @@ public final class DefaultClientCredentialsTokenResponseClient implements OAuth2
|
||||||
"An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: " + ex.getMessage(), null);
|
"An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: " + ex.getMessage(), null);
|
||||||
throw new OAuth2AuthorizationException(oauth2Error, ex);
|
throw new OAuth2AuthorizationException(oauth2Error, ex);
|
||||||
}
|
}
|
||||||
|
// As per spec, in Section 5.1 Successful Access Token Response
|
||||||
OAuth2AccessTokenResponse tokenResponse = response.getBody();
|
// https://tools.ietf.org/html/rfc6749#section-5.1
|
||||||
|
// If AccessTokenResponse.scope is empty, then we assume all requested scopes were
|
||||||
if (CollectionUtils.isEmpty(tokenResponse.getAccessToken().getScopes())) {
|
// granted.
|
||||||
// As per spec, in Section 5.1 Successful Access Token Response
|
// However, we use the explicit scopes returned in the response (if any).
|
||||||
// https://tools.ietf.org/html/rfc6749#section-5.1
|
return response.getBody();
|
||||||
// If AccessTokenResponse.scope is empty, then default to the scope
|
|
||||||
// originally requested by the client in the Token Request
|
|
||||||
tokenResponse = OAuth2AccessTokenResponse.withResponse(tokenResponse)
|
|
||||||
.scopes(clientCredentialsGrantRequest.getClientRegistration().getScopes())
|
|
||||||
.build();
|
|
||||||
}
|
|
||||||
|
|
||||||
return tokenResponse;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2019 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -27,7 +27,6 @@ import org.springframework.security.oauth2.core.OAuth2Error;
|
||||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
|
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
|
||||||
import org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter;
|
import org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter;
|
||||||
import org.springframework.util.Assert;
|
import org.springframework.util.Assert;
|
||||||
import org.springframework.util.CollectionUtils;
|
|
||||||
import org.springframework.web.client.ResponseErrorHandler;
|
import org.springframework.web.client.ResponseErrorHandler;
|
||||||
import org.springframework.web.client.RestClientException;
|
import org.springframework.web.client.RestClientException;
|
||||||
import org.springframework.web.client.RestOperations;
|
import org.springframework.web.client.RestOperations;
|
||||||
|
@ -78,20 +77,12 @@ public final class DefaultPasswordTokenResponseClient implements OAuth2AccessTok
|
||||||
"An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: " + ex.getMessage(), null);
|
"An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: " + ex.getMessage(), null);
|
||||||
throw new OAuth2AuthorizationException(oauth2Error, ex);
|
throw new OAuth2AuthorizationException(oauth2Error, ex);
|
||||||
}
|
}
|
||||||
|
// As per spec, in Section 5.1 Successful Access Token Response
|
||||||
OAuth2AccessTokenResponse tokenResponse = response.getBody();
|
// https://tools.ietf.org/html/rfc6749#section-5.1
|
||||||
|
// If AccessTokenResponse.scope is empty, then we assume all requested scopes were
|
||||||
if (CollectionUtils.isEmpty(tokenResponse.getAccessToken().getScopes())) {
|
// granted.
|
||||||
// As per spec, in Section 5.1 Successful Access Token Response
|
// However, we use the explicit scopes returned in the response (if any).
|
||||||
// https://tools.ietf.org/html/rfc6749#section-5.1
|
return response.getBody();
|
||||||
// If AccessTokenResponse.scope is empty, then default to the scope
|
|
||||||
// originally requested by the client in the Token Request
|
|
||||||
tokenResponse = OAuth2AccessTokenResponse.withResponse(tokenResponse)
|
|
||||||
.scopes(passwordGrantRequest.getClientRegistration().getScopes())
|
|
||||||
.build();
|
|
||||||
}
|
|
||||||
|
|
||||||
return tokenResponse;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2019 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -79,15 +79,7 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClient implements Re
|
||||||
})
|
})
|
||||||
.body(body)
|
.body(body)
|
||||||
.exchange()
|
.exchange()
|
||||||
.flatMap(response -> response.body(oauth2AccessTokenResponse()))
|
.flatMap(response -> response.body(oauth2AccessTokenResponse()));
|
||||||
.map(response -> {
|
|
||||||
if (response.getAccessToken().getScopes().isEmpty()) {
|
|
||||||
response = OAuth2AccessTokenResponse.withResponse(response)
|
|
||||||
.scopes(authorizationExchange.getAuthorizationRequest().getScopes())
|
|
||||||
.build();
|
|
||||||
}
|
|
||||||
return response;
|
|
||||||
});
|
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2019 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -82,15 +82,7 @@ public class WebClientReactiveClientCredentialsTokenResponseClient implements Re
|
||||||
null
|
null
|
||||||
)));
|
)));
|
||||||
}
|
}
|
||||||
return response.body(oauth2AccessTokenResponse()); })
|
return response.body(oauth2AccessTokenResponse()); });
|
||||||
.map(response -> {
|
|
||||||
if (response.getAccessToken().getScopes().isEmpty()) {
|
|
||||||
response = OAuth2AccessTokenResponse.withResponse(response)
|
|
||||||
.scopes(authorizationGrantRequest.getClientRegistration().getScopes())
|
|
||||||
.build();
|
|
||||||
}
|
|
||||||
return response;
|
|
||||||
});
|
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2019 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -79,18 +79,6 @@ public final class WebClientReactivePasswordTokenResponseClient implements React
|
||||||
.then(Mono.error(new OAuth2AuthorizationException(oauth2Error)));
|
.then(Mono.error(new OAuth2AuthorizationException(oauth2Error)));
|
||||||
}
|
}
|
||||||
return response.body(oauth2AccessTokenResponse());
|
return response.body(oauth2AccessTokenResponse());
|
||||||
})
|
|
||||||
.map(tokenResponse -> {
|
|
||||||
if (CollectionUtils.isEmpty(tokenResponse.getAccessToken().getScopes())) {
|
|
||||||
// As per spec, in Section 5.1 Successful Access Token Response
|
|
||||||
// https://tools.ietf.org/html/rfc6749#section-5.1
|
|
||||||
// If AccessTokenResponse.scope is empty, then default to the scope
|
|
||||||
// originally requested by the client in the Token Request
|
|
||||||
tokenResponse = OAuth2AccessTokenResponse.withResponse(tokenResponse)
|
|
||||||
.scopes(passwordGrantRequest.getClientRegistration().getScopes())
|
|
||||||
.build();
|
|
||||||
}
|
|
||||||
return tokenResponse;
|
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2018 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -218,7 +218,7 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void getTokenResponseWhenSuccessResponseDoesNotIncludeScopeThenAccessTokenHasDefaultScope() {
|
public void getTokenResponseWhenSuccessResponseDoesNotIncludeScopeThenAccessTokenHasNoScope() {
|
||||||
String accessTokenSuccessResponse = "{\n" +
|
String accessTokenSuccessResponse = "{\n" +
|
||||||
" \"access_token\": \"access-token-1234\",\n" +
|
" \"access_token\": \"access-token-1234\",\n" +
|
||||||
" \"token_type\": \"bearer\",\n" +
|
" \"token_type\": \"bearer\",\n" +
|
||||||
|
@ -230,7 +230,7 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
|
||||||
OAuth2AccessTokenResponse accessTokenResponse =
|
OAuth2AccessTokenResponse accessTokenResponse =
|
||||||
this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest());
|
this.tokenResponseClient.getTokenResponse(this.authorizationCodeGrantRequest());
|
||||||
|
|
||||||
assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read", "write");
|
assertThat(accessTokenResponse.getAccessToken().getScopes()).isEmpty();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2018 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -222,7 +222,7 @@ public class DefaultClientCredentialsTokenResponseClientTests {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void getTokenResponseWhenSuccessResponseDoesNotIncludeScopeThenAccessTokenHasDefaultScope() {
|
public void getTokenResponseWhenSuccessResponseDoesNotIncludeScopeThenAccessTokenHasNoScope() {
|
||||||
String accessTokenSuccessResponse = "{\n" +
|
String accessTokenSuccessResponse = "{\n" +
|
||||||
" \"access_token\": \"access-token-1234\",\n" +
|
" \"access_token\": \"access-token-1234\",\n" +
|
||||||
" \"token_type\": \"bearer\",\n" +
|
" \"token_type\": \"bearer\",\n" +
|
||||||
|
@ -235,7 +235,7 @@ public class DefaultClientCredentialsTokenResponseClientTests {
|
||||||
|
|
||||||
OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest);
|
OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest);
|
||||||
|
|
||||||
assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read", "write");
|
assertThat(accessTokenResponse.getAccessToken().getScopes()).isEmpty();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2019 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -86,11 +86,14 @@ public class DefaultPasswordTokenResponseClientTests {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void getTokenResponseWhenSuccessResponseThenReturnAccessTokenResponse() throws Exception {
|
public void getTokenResponseWhenSuccessResponseThenReturnAccessTokenResponse() throws Exception {
|
||||||
String accessTokenSuccessResponse = "{\n" +
|
// @formatter:off
|
||||||
" \"access_token\": \"access-token-1234\",\n" +
|
String accessTokenSuccessResponse = "{\n"
|
||||||
" \"token_type\": \"bearer\",\n" +
|
+ " \"access_token\": \"access-token-1234\",\n"
|
||||||
" \"expires_in\": \"3600\"\n" +
|
+ " \"token_type\": \"bearer\",\n"
|
||||||
"}\n";
|
+ " \"expires_in\": \"3600\",\n"
|
||||||
|
+ " \"scope\": \"read write\"\n"
|
||||||
|
+ "}\n";
|
||||||
|
// @formatter:on
|
||||||
this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
|
this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
|
||||||
|
|
||||||
Instant expiresAtBefore = Instant.now().plusSeconds(3600);
|
Instant expiresAtBefore = Instant.now().plusSeconds(3600);
|
||||||
|
@ -123,11 +126,14 @@ public class DefaultPasswordTokenResponseClientTests {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void getTokenResponseWhenClientAuthenticationPostThenFormParametersAreSent() throws Exception {
|
public void getTokenResponseWhenClientAuthenticationPostThenFormParametersAreSent() throws Exception {
|
||||||
String accessTokenSuccessResponse = "{\n" +
|
// @formatter:off
|
||||||
" \"access_token\": \"access-token-1234\",\n" +
|
String accessTokenSuccessResponse = "{\n"
|
||||||
" \"token_type\": \"bearer\",\n" +
|
+ " \"access_token\": \"access-token-1234\",\n"
|
||||||
" \"expires_in\": \"3600\"\n" +
|
+ " \"token_type\": \"bearer\",\n"
|
||||||
"}\n";
|
+ " \"expires_in\": \"3600\",\n"
|
||||||
|
+ " \"scope\": \"read\"\n"
|
||||||
|
+ "}\n";
|
||||||
|
// @formatter:on
|
||||||
this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
|
this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
|
||||||
|
|
||||||
ClientRegistration clientRegistration = this.clientRegistrationBuilder
|
ClientRegistration clientRegistration = this.clientRegistrationBuilder
|
||||||
|
@ -186,6 +192,22 @@ public class DefaultPasswordTokenResponseClientTests {
|
||||||
assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read");
|
assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void getTokenResponseWhenSuccessResponseDoesNotIncludeScopeThenAccessTokenHasNoScope() {
|
||||||
|
// @formatter:off
|
||||||
|
String accessTokenSuccessResponse = "{\n"
|
||||||
|
+ " \"access_token\": \"access-token-1234\",\n"
|
||||||
|
+ " \"token_type\": \"bearer\",\n"
|
||||||
|
+ " \"expires_in\": \"3600\"\n"
|
||||||
|
+ "}\n";
|
||||||
|
// @formatter:on
|
||||||
|
this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
|
||||||
|
OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(
|
||||||
|
this.clientRegistrationBuilder.build(), this.username, this.password);
|
||||||
|
OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(passwordGrantRequest);
|
||||||
|
assertThat(accessTokenResponse.getAccessToken().getScopes()).isEmpty();
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() {
|
public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() {
|
||||||
String accessTokenErrorResponse = "{\n" +
|
String accessTokenErrorResponse = "{\n" +
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2019 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -88,11 +88,14 @@ public class DefaultRefreshTokenTokenResponseClientTests {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void getTokenResponseWhenSuccessResponseThenReturnAccessTokenResponse() throws Exception {
|
public void getTokenResponseWhenSuccessResponseThenReturnAccessTokenResponse() throws Exception {
|
||||||
String accessTokenSuccessResponse = "{\n" +
|
// @formatter:off
|
||||||
" \"access_token\": \"access-token-1234\",\n" +
|
String accessTokenSuccessResponse = "{\n"
|
||||||
" \"token_type\": \"bearer\",\n" +
|
+ " \"access_token\": \"access-token-1234\",\n"
|
||||||
" \"expires_in\": \"3600\"\n" +
|
+ " \"token_type\": \"bearer\",\n"
|
||||||
"}\n";
|
+ " \"expires_in\": \"3600\",\n"
|
||||||
|
+ " \"scope\": \"read write\"\n"
|
||||||
|
+ "}\n";
|
||||||
|
// @formatter:on
|
||||||
this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
|
this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
|
||||||
|
|
||||||
Instant expiresAtBefore = Instant.now().plusSeconds(3600);
|
Instant expiresAtBefore = Instant.now().plusSeconds(3600);
|
||||||
|
@ -121,6 +124,26 @@ public class DefaultRefreshTokenTokenResponseClientTests {
|
||||||
assertThat(accessTokenResponse.getRefreshToken().getTokenValue()).isEqualTo(this.refreshToken.getTokenValue());
|
assertThat(accessTokenResponse.getRefreshToken().getTokenValue()).isEqualTo(this.refreshToken.getTokenValue());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void getTokenResponseWhenSuccessResponseDoesNotIncludeScopeThenAccessTokenHasOriginalScope() {
|
||||||
|
// @formatter:off
|
||||||
|
String accessTokenSuccessResponse = "{\n"
|
||||||
|
+ " \"access_token\": \"access-token-1234\",\n"
|
||||||
|
+ " \"token_type\": \"bearer\",\n"
|
||||||
|
+ " \"expires_in\": \"3600\"\n"
|
||||||
|
+ "}\n";
|
||||||
|
// @formatter:on
|
||||||
|
this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
|
||||||
|
ClientRegistration clientRegistration = this.clientRegistrationBuilder
|
||||||
|
.clientAuthenticationMethod(ClientAuthenticationMethod.POST).build();
|
||||||
|
OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(clientRegistration,
|
||||||
|
this.accessToken, this.refreshToken);
|
||||||
|
OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient
|
||||||
|
.getTokenResponse(refreshTokenGrantRequest);
|
||||||
|
assertThat(accessTokenResponse.getAccessToken().getScopes())
|
||||||
|
.containsExactly(this.accessToken.getScopes().toArray(new String[0]));
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void getTokenResponseWhenClientAuthenticationPostThenFormParametersAreSent() throws Exception {
|
public void getTokenResponseWhenClientAuthenticationPostThenFormParametersAreSent() throws Exception {
|
||||||
String accessTokenSuccessResponse = "{\n" +
|
String accessTokenSuccessResponse = "{\n" +
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2019 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -226,7 +226,7 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void getTokenResponseWhenSuccessResponseDoesNotIncludeScopeThenReturnAccessTokenResponseUsingRequestedScope() {
|
public void getTokenResponseWhenSuccessResponseDoesNotIncludeScopeThenReturnAccessTokenResponseWithNoScopes() {
|
||||||
String accessTokenSuccessResponse = "{\n" +
|
String accessTokenSuccessResponse = "{\n" +
|
||||||
" \"access_token\": \"access-token-1234\",\n" +
|
" \"access_token\": \"access-token-1234\",\n" +
|
||||||
" \"token_type\": \"bearer\",\n" +
|
" \"token_type\": \"bearer\",\n" +
|
||||||
|
@ -239,7 +239,7 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
|
||||||
|
|
||||||
OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest()).block();
|
OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest()).block();
|
||||||
|
|
||||||
assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("openid", "profile", "email", "address");
|
assertThat(accessTokenResponse.getAccessToken().getScopes()).isEmpty();
|
||||||
}
|
}
|
||||||
|
|
||||||
private OAuth2AuthorizationCodeGrantRequest authorizationCodeGrantRequest() {
|
private OAuth2AuthorizationCodeGrantRequest authorizationCodeGrantRequest() {
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2019 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -78,6 +78,7 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests {
|
||||||
String body = actualRequest.getUtf8Body();
|
String body = actualRequest.getUtf8Body();
|
||||||
|
|
||||||
assertThat(response.getAccessToken()).isNotNull();
|
assertThat(response.getAccessToken()).isNotNull();
|
||||||
|
assertThat(response.getAccessToken().getScopes()).containsExactly("create");
|
||||||
assertThat(actualRequest.getHeader(HttpHeaders.AUTHORIZATION)).isEqualTo("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ=");
|
assertThat(actualRequest.getHeader(HttpHeaders.AUTHORIZATION)).isEqualTo("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ=");
|
||||||
assertThat(body).isEqualTo("grant_type=client_credentials&scope=read%3Auser");
|
assertThat(body).isEqualTo("grant_type=client_credentials&scope=read%3Auser");
|
||||||
}
|
}
|
||||||
|
@ -102,12 +103,13 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests {
|
||||||
String body = actualRequest.getUtf8Body();
|
String body = actualRequest.getUtf8Body();
|
||||||
|
|
||||||
assertThat(response.getAccessToken()).isNotNull();
|
assertThat(response.getAccessToken()).isNotNull();
|
||||||
|
assertThat(response.getAccessToken().getScopes()).containsExactly("create");
|
||||||
assertThat(actualRequest.getHeader(HttpHeaders.AUTHORIZATION)).isNull();
|
assertThat(actualRequest.getHeader(HttpHeaders.AUTHORIZATION)).isNull();
|
||||||
assertThat(body).isEqualTo("grant_type=client_credentials&scope=read%3Auser&client_id=client-id&client_secret=client-secret");
|
assertThat(body).isEqualTo("grant_type=client_credentials&scope=read%3Auser&client_id=client-id&client_secret=client-secret");
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void getTokenResponseWhenNoScopeThenClientRegistrationScopesDefaulted() {
|
public void getTokenResponseWhenNoScopeThenReturnAccessTokenResponseWithNoScopes() {
|
||||||
ClientRegistration registration = this.clientRegistration.build();
|
ClientRegistration registration = this.clientRegistration.build();
|
||||||
enqueueJson("{\n"
|
enqueueJson("{\n"
|
||||||
+ " \"access_token\":\"MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3\",\n"
|
+ " \"access_token\":\"MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3\",\n"
|
||||||
|
@ -119,7 +121,7 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests {
|
||||||
|
|
||||||
OAuth2AccessTokenResponse response = this.client.getTokenResponse(request).block();
|
OAuth2AccessTokenResponse response = this.client.getTokenResponse(request).block();
|
||||||
|
|
||||||
assertThat(response.getAccessToken().getScopes()).isEqualTo(registration.getScopes());
|
assertThat(response.getAccessToken().getScopes()).isEmpty();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test(expected=IllegalArgumentException.class)
|
@Test(expected=IllegalArgumentException.class)
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2019 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -74,12 +74,50 @@ public class WebClientReactivePasswordTokenResponseClientTests {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void getTokenResponseWhenSuccessResponseThenReturnAccessTokenResponse() throws Exception {
|
public void getTokenResponseWhenSuccessResponseDoesNotIncludeScopeThenReturnAccessTokenResponseWithNoScope()
|
||||||
String accessTokenSuccessResponse = "{\n" +
|
throws Exception {
|
||||||
" \"access_token\": \"access-token-1234\",\n" +
|
// @formatter:off
|
||||||
" \"token_type\": \"bearer\",\n" +
|
String accessTokenSuccessResponse = "{\n"
|
||||||
" \"expires_in\": \"3600\"\n" +
|
+ " \"access_token\": \"access-token-1234\",\n"
|
||||||
"}\n";
|
+ " \"token_type\": \"bearer\",\n"
|
||||||
|
+ " \"expires_in\": \"3600\"\n"
|
||||||
|
+ "}\n";
|
||||||
|
// @formatter:on
|
||||||
|
this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
|
||||||
|
Instant expiresAtBefore = Instant.now().plusSeconds(3600);
|
||||||
|
ClientRegistration clientRegistration = this.clientRegistrationBuilder.build();
|
||||||
|
OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(clientRegistration,
|
||||||
|
this.username, this.password);
|
||||||
|
OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(passwordGrantRequest)
|
||||||
|
.block();
|
||||||
|
Instant expiresAtAfter = Instant.now().plusSeconds(3600);
|
||||||
|
RecordedRequest recordedRequest = this.server.takeRequest();
|
||||||
|
assertThat(recordedRequest.getMethod()).isEqualTo(HttpMethod.POST.toString());
|
||||||
|
assertThat(recordedRequest.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_VALUE);
|
||||||
|
assertThat(recordedRequest.getHeader(HttpHeaders.CONTENT_TYPE))
|
||||||
|
.isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8");
|
||||||
|
String formParameters = recordedRequest.getBody().readUtf8();
|
||||||
|
assertThat(formParameters).contains("grant_type=password");
|
||||||
|
assertThat(formParameters).contains("username=user1");
|
||||||
|
assertThat(formParameters).contains("password=password");
|
||||||
|
assertThat(formParameters).contains("scope=read+write");
|
||||||
|
assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234");
|
||||||
|
assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER);
|
||||||
|
assertThat(accessTokenResponse.getAccessToken().getExpiresAt()).isBetween(expiresAtBefore, expiresAtAfter);
|
||||||
|
assertThat(accessTokenResponse.getAccessToken().getScopes()).isEmpty();
|
||||||
|
assertThat(accessTokenResponse.getRefreshToken()).isNull();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void getTokenResponseWhenSuccessResponseIncludesScopeThenReturnAccessTokenResponse() throws Exception {
|
||||||
|
// @formatter:off
|
||||||
|
String accessTokenSuccessResponse = "{\n"
|
||||||
|
+ " \"access_token\": \"access-token-1234\",\n"
|
||||||
|
+ " \"token_type\": \"bearer\",\n"
|
||||||
|
+ " \"expires_in\": \"3600\",\n"
|
||||||
|
+ " \"scope\": \"read write\"\n"
|
||||||
|
+ "}\n";
|
||||||
|
// @formatter:on
|
||||||
this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
|
this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
|
||||||
|
|
||||||
Instant expiresAtBefore = Instant.now().plusSeconds(3600);
|
Instant expiresAtBefore = Instant.now().plusSeconds(3600);
|
||||||
|
|
Loading…
Reference in New Issue