NimbusAuthorizationCodeTokenExchanger uses authorizationRequest.redirectUri

Fixes gh-4701
This commit is contained in:
Joe Grandja 2017-10-28 21:30:40 -04:00
parent 006319f19a
commit b1d56b5821
3 changed files with 1 additions and 36 deletions


@ -76,7 +76,7 @@ public class NimbusAuthorizationCodeTokenExchanger implements AuthorizationGrant
// Build the authorization code grant request for the token endpoint
AuthorizationCode authorizationCode = new AuthorizationCode(
authorizationGrantRequest.getAuthorizationExchange().getAuthorizationResponse().getCode());
URI redirectUri = toURI(clientRegistration.getRedirectUri());
URI redirectUri = toURI(authorizationGrantRequest.getAuthorizationExchange().getAuthorizationRequest().getRedirectUri());
AuthorizationGrant authorizationCodeGrant = new AuthorizationCodeGrant(authorizationCode, redirectUri);
URI tokenUri = toURI(clientRegistration.getProviderDetails().getTokenUri());
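Review bot: The reason for reading the redirect URI from the authorization request rather than from clientRegistration is no longer written down anywhere: the explanatory comment that this commit removes from OAuth2LoginAuthenticationFilter (the clientRegistration redirectUri may hold URI template variables that are expanded before the authorization request is sent, and the token request must present the same redirect_uri the authorization request used) is not carried into this hunk. A one-line comment above the new line would keep that rationale next to the code, e.g. `// Use the redirect_uri of the original authorization request, not the clientRegistration template (which may contain unexpanded URI variables); RFC 6749 Section 4.1.3 requires the token request to present the identical value`. Separately, `authorizationGrantRequest.getAuthorizationExchange()` is now called twice within three lines; hoisting it into a local such as `OAuth2AuthorizationExchange authorizationExchange = authorizationGrantRequest.getAuthorizationExchange();` would shorten both call chains and make the new line fit the surrounding style. Whether `toURI` tolerates a null redirect URI (an authorization request that omitted redirect_uri) cannot be seen from this hunk; if it does not, the new line would throw where a null redirect URI passed to `AuthorizationCodeGrant` might have been acceptable, so that is worth confirming. The enclosing method starts and ends outside the hunk.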


@ -19,7 +19,6 @@ import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.oidc.OidcScopes;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;
import java.util.Arrays;
import java.util.Collections;
@ -130,11 +129,6 @@ public final class ClientRegistration {
return new Builder(registrationId);
}
public static Builder from(ClientRegistration clientRegistration) {
Assert.notNull(clientRegistration, "clientRegistration cannot be null");
return new Builder(clientRegistration);
}
public static class Builder {
private String registrationId;
private String clientId;
@ -154,24 +148,6 @@ public final class ClientRegistration {
this.registrationId = registrationId;
}
private Builder(ClientRegistration clientRegistration) {
this(clientRegistration.getRegistrationId());
this.clientId(clientRegistration.getClientId());
this.clientSecret(clientRegistration.getClientSecret());
this.clientAuthenticationMethod(clientRegistration.getClientAuthenticationMethod());
this.authorizationGrantType(clientRegistration.getAuthorizationGrantType());
this.redirectUri(clientRegistration.getRedirectUri());
if (!CollectionUtils.isEmpty(clientRegistration.getScopes())) {
this.scope(clientRegistration.getScopes().toArray(new String[0]));
}
this.authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri());
this.tokenUri(clientRegistration.getProviderDetails().getTokenUri());
this.userInfoUri(clientRegistration.getProviderDetails().getUserInfoEndpoint().getUri());
this.userNameAttributeName(clientRegistration.getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName());
this.jwkSetUri(clientRegistration.getProviderDetails().getJwkSetUri());
this.clientName(clientRegistration.getClientName());
}
public Builder clientId(String clientId) {
this.clientId = clientId;
return this;


@ -124,17 +124,6 @@ public class OAuth2LoginAuthenticationFilter extends AbstractAuthenticationProce
String registrationId = (String)authorizationRequest.getAdditionalParameters().get(OAuth2ParameterNames.REGISTRATION_ID);
ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId(registrationId);
// The clientRegistration.redirectUri may contain Uri template variables, whether it's configured by
// the user or configured by default. In these cases, the redirectUri will be expanded and ultimately changed
// (by OAuth2AuthorizationRequestRedirectFilter) before setting it in the authorization request.
// The resulting redirectUri used for the authorization request and saved within the AuthorizationRequestRepository
// MUST BE the same one used to complete the authorization code flow.
// Therefore, we'll create a copy of the clientRegistration and override the redirectUri
// with the one contained in authorizationRequest.
clientRegistration = ClientRegistration.from(clientRegistration)
.redirectUri(authorizationRequest.getRedirectUri())
.build();
OAuth2LoginAuthenticationToken authenticationRequest = new OAuth2LoginAuthenticationToken(
clientRegistration, new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse));
authenticationRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));