Remove validation for unsupported grant types

Closes gh-9828
2025-10-30 22:28:46 +00:00 · 2021-06-15 15:03:51 -05:00 · 2021-06-15 15:03:51 -05:00 · 9b05afdee8
commit 9b05afdee8
parent 8de631d5c6
2 changed files with 11 additions and 21 deletions
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java
@ -23,7 +23,6 @@ import java.util.List;
 import java.util.Map;
 import java.util.function.Supplier;

-import com.nimbusds.oauth2.sdk.GrantType;
 import com.nimbusds.oauth2.sdk.ParseException;
 import com.nimbusds.oauth2.sdk.as.AuthorizationServerMetadata;
 import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
@ -242,13 +241,6 @@ public final class ClientRegistrations {
 		String name = URI.create(issuer).getHost();
 		ClientAuthenticationMethod method = getClientAuthenticationMethod(issuer,
 				metadata.getTokenEndpointAuthMethods());
-		List<GrantType> grantTypes = metadata.getGrantTypes();
-		// If null, the default includes authorization_code
-		if (grantTypes != null && !grantTypes.contains(GrantType.AUTHORIZATION_CODE)) {
-			throw new IllegalArgumentException(
-					"Only AuthorizationGrantType.AUTHORIZATION_CODE is supported. The issuer \"" + issuer
-							+ "\" returned a configuration of " + grantTypes);
-		}
 		Map<String, Object> configurationMetadata = new LinkedHashMap<>(metadata.toJSONObject());
 		// @formatter:off
 		return ClientRegistration.withRegistrationId(name)
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java
@ -240,24 +240,22 @@ public class ClientRegistrationsTests {
 		assertThat(registration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
 	}

-	/**
-	 * We currently only support authorization_code, so verify we have a meaningful error
-	 * until we add support.
-	 */
+	// gh-9828
 	@Test
-	public void issuerWhenGrantTypesSupportedInvalidThenException() {
+	public void issuerWhenImplicitGrantTypeThenSuccess() throws Exception {
 		this.response.put("grant_types_supported", Arrays.asList("implicit"));
-		assertThatIllegalArgumentException().isThrownBy(() -> registration(""))
-				.withMessageContaining("Only AuthorizationGrantType.AUTHORIZATION_CODE is supported. The issuer \""
-						+ this.issuer + "\" returned a configuration of [implicit]");
+		ClientRegistration registration = registration("").build();
+		// The authorization_code grant type is still the default
+		assertThat(registration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
 	}

+	// gh-9828
 	@Test
-	public void issuerWhenOAuth2GrantTypesSupportedInvalidThenException() {
-		this.response.put("grant_types_supported", Arrays.asList("implicit"));
-		assertThatIllegalArgumentException().isThrownBy(() -> registrationOAuth2("", null))
-				.withMessageContaining("Only AuthorizationGrantType.AUTHORIZATION_CODE is supported. The issuer \""
-						+ this.issuer + "\" returned a configuration of [implicit]");
+	public void issuerWhenOAuth2JwtBearerGrantTypeThenSuccess() throws Exception {
+		this.response.put("grant_types_supported", Arrays.asList("urn:ietf:params:oauth:grant-type:jwt-bearer"));
+		ClientRegistration registration = registrationOAuth2("", null).build();
+		// The authorization_code grant type is still the default
+		assertThat(registration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
 	}

 	@Test