From 839cc5e851c0326b3b2ba59c020598e0f8cb8358 Mon Sep 17 00:00:00 2001
From: Steve Riesenberg
Date: Tue, 15 Jun 2021 15:03:51 -0500
Subject: [PATCH] Remove validation for unsupported grant types
Closes gh-9828
---
 .../registration/ClientRegistrations.java | 8 -------
 .../ClientRegistrationsTests.java | 24 +++++++++----------
 2 files changed, 11 insertions(+), 21 deletions(-)
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java
index 4262f34960..9c8822d658 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java
@@ -23,7 +23,6 @@ import java.util.List;
 import java.util.Map;
 import java.util.function.Supplier;
-import com.nimbusds.oauth2.sdk.GrantType;
 import com.nimbusds.oauth2.sdk.ParseException;
 import com.nimbusds.oauth2.sdk.as.AuthorizationServerMetadata;
 import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
@@ -242,13 +241,6 @@ public final class ClientRegistrations {
 String name = URI.create(issuer).getHost();
 ClientAuthenticationMethod method = getClientAuthenticationMethod(issuer,
 metadata.getTokenEndpointAuthMethods());
- List grantTypes = metadata.getGrantTypes();
- // If null, the default includes authorization_code
- if (grantTypes != null && !grantTypes.contains(GrantType.AUTHORIZATION_CODE)) {
- throw new IllegalArgumentException(
- "Only AuthorizationGrantType.AUTHORIZATION_CODE is supported. The issuer \"" + issuer
- + "\" returned a configuration of " + grantTypes);
- }
 Map configurationMetadata = new LinkedHashMap<>(metadata.toJSONObject());
 // @formatter:off
 return ClientRegistration.withRegistrationId(name)
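Review bot: With the grant-type guard removed, a provider whose `grant_types_supported` omits `authorization_code` now builds a registration that still defaults to the authorization_code grant, so a client/server mismatch is no longer caught at build time and surfaces only when the authorization or token request is rejected by the issuer. The method's Javadoc should state this explicitly, e.g. `The issuer's grant_types_supported is not validated; the resulting registration defaults to authorization_code regardless of what the issuer advertises.` The full metadata is still copied into `configurationMetadata` on the line following the removed block, so callers can presumably inspect `grant_types_supported` there themselves — confirm it actually reaches the builder, since the `withRegistrationId` chain continues past the hunk. The enclosing method starts and ends outside the hunk.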
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java
index 9a537e0fa8..b31d308ffa 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java
@@ -240,24 +240,22 @@ public class ClientRegistrationsTests {
 assertThat(registration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
 }
- /**
- * We currently only support authorization_code, so verify we have a meaningful error
- * until we add support.
- */
+ // gh-9828
 @Test
- public void issuerWhenGrantTypesSupportedInvalidThenException() {
+ public void issuerWhenImplicitGrantTypeThenSuccess() throws Exception {
 this.response.put("grant_types_supported", Arrays.asList("implicit"));
- assertThatIllegalArgumentException().isThrownBy(() -> registration(""))
- .withMessageContaining("Only AuthorizationGrantType.AUTHORIZATION_CODE is supported. The issuer \""
- + this.issuer + "\" returned a configuration of [implicit]");
+ ClientRegistration registration = registration("").build();
+ // The authorization_code grant type is still the default
+ assertThat(registration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
 }
+ // gh-9828
 @Test
- public void issuerWhenOAuth2GrantTypesSupportedInvalidThenException() {
- this.response.put("grant_types_supported", Arrays.asList("implicit"));
- assertThatIllegalArgumentException().isThrownBy(() -> registrationOAuth2("", null))
- .withMessageContaining("Only AuthorizationGrantType.AUTHORIZATION_CODE is supported. The issuer \""
- + this.issuer + "\" returned a configuration of [implicit]");
+ public void issuerWhenOAuth2JwtBearerGrantTypeThenSuccess() throws Exception {
+ this.response.put("grant_types_supported", Arrays.asList("urn:ietf:params:oauth:grant-type:jwt-bearer"));
+ ClientRegistration registration = registrationOAuth2("", null).build();
+ // The authorization_code grant type is still the default
+ assertThat(registration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
 }
 @Test
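Review bot: The bare `// gh-9828` markers replace the Javadoc that explained why these tests exist, so a reader now has to look up the issue to learn what behaviour is being pinned; a comment such as `// Issuer metadata advertising a grant type other than authorization_code must not fail registration` on each of the two tests would keep that intent in the file. Both new tests assert only that the default grant type is authorization_code; if the builder exposes the issuer's metadata, asserting that the advertised `grant_types_supported` value is preserved would also cover the other half of the new behaviour, but the hunk does not show how that metadata is surfaced, so verify against the builder before adding it.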