Add oidcLogin MockMvc Test Support

Fixes gh-7618
This commit is contained in:
Josh Cummings 2019-11-04 15:17:03 -07:00
parent 6ff71d8113
commit b35e18ff31
No known key found for this signature in database
GPG Key ID: 49EF60DD7FF83443
5 changed files with 517 additions and 0 deletions

View File

@ -18,6 +18,7 @@ package sample;
import java.net.URI;
import java.net.URL;
import java.net.URLDecoder;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
@ -40,6 +41,7 @@ import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@ -51,7 +53,9 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
import org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
@ -61,6 +65,7 @@ import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.web.util.UriComponents;
import org.springframework.web.util.UriComponentsBuilder;
@ -68,6 +73,10 @@ import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
import static org.springframework.security.oauth2.core.oidc.IdTokenClaimNames.SUB;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.oidcLogin;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.model;
/**
* Integration tests for the OAuth 2.0 client filters {@link OAuth2AuthorizationRequestRedirectFilter}
@ -87,6 +96,9 @@ public class OAuth2LoginApplicationTests {
@Autowired
private WebClient webClient;
@Autowired
private MockMvc mvc;
@Autowired
private ClientRegistrationRepository clientRegistrationRepository;
@ -284,6 +296,15 @@ public class OAuth2LoginApplicationTests {
assertThat(errorElement.asText()).contains("invalid_redirect_uri_parameter");
}
@Test
public void requestWhenMockOidcLoginThenIndex() throws Exception {
ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId("github");
this.mvc.perform(get("/").with(oidcLogin().clientRegistration(clientRegistration)))
.andExpect(model().attribute("userName", "test-subject"))
.andExpect(model().attribute("clientName", "GitHub"))
.andExpect(model().attribute("userAttributes", Collections.singletonMap(SUB, "test-subject")));
}
private void assertLoginPage(HtmlPage page) {
assertThat(page.getTitleText()).isEqualTo("Please sign in");
@ -397,5 +418,10 @@ public class OAuth2LoginApplicationTests {
when(userService.loadUser(any())).thenReturn(user);
return userService;
}
@Bean
OAuth2AuthorizedClientRepository authorizedClientRepository() {
return new HttpSessionOAuth2AuthorizedClientRepository();
}
}
}

View File

@ -0,0 +1,94 @@
/*
* Copyright 2002-2019 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package sample.web;
import java.util.Collections;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.test.web.servlet.MockMvc;
import static org.springframework.security.oauth2.core.oidc.IdTokenClaimNames.SUB;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.oidcLogin;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.model;
/**
* Tests for {@link OAuth2LoginController}
*
* @author Josh Cummings
*/
@RunWith(SpringRunner.class)
@WebMvcTest
@Import({OAuth2LoginController.class, OAuth2LoginControllerTests.OAuth2ClientConfig.class})
public class OAuth2LoginControllerTests {
static ClientRegistration clientRegistration = ClientRegistration.withRegistrationId("test")
.authorizationGrantType(AuthorizationGrantType.PASSWORD)
.clientId("my-client-id")
.clientName("my-client-name")
.tokenUri("https://token-uri.example.org")
.build();
@Autowired
MockMvc mvc;
@Test
public void rootWhenAuthenticatedReturnsUserAndClient() throws Exception {
this.mvc.perform(get("/").with(oidcLogin()))
.andExpect(model().attribute("userName", "test-subject"))
.andExpect(model().attribute("clientName", "test"))
.andExpect(model().attribute("userAttributes", Collections.singletonMap(SUB, "test-subject")));
}
@Test
public void rootWhenOverridingClientRegistrationReturnsAccordingly() throws Exception {
this.mvc.perform(get("/").with(oidcLogin()
.clientRegistration(clientRegistration)
.idToken(i -> i.subject("spring-security"))))
.andExpect(model().attribute("userName", "spring-security"))
.andExpect(model().attribute("clientName", "my-client-name"))
.andExpect(model().attribute("userAttributes", Collections.singletonMap(SUB, "spring-security")));
}
@Configuration
static class OAuth2ClientConfig {
@Bean
ClientRegistrationRepository clientRegistrationRepository() {
return new InMemoryClientRegistrationRepository(clientRegistration);
}
@Bean
OAuth2AuthorizedClientRepository authorizedClientRepository() {
return new HttpSessionOAuth2AuthorizedClientRepository();
}
}
}

View File

@ -7,6 +7,7 @@ dependencies {
compile 'org.springframework:spring-test'
optional project(':spring-security-config')
optional project(':spring-security-oauth2-client')
optional project(':spring-security-oauth2-jose')
optional project(':spring-security-oauth2-resource-server')
optional 'io.projectreactor:reactor-core'

View File

@ -25,7 +25,10 @@ import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.function.Consumer;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@ -46,6 +49,19 @@ import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
@ -314,6 +330,36 @@ public final class SecurityMockMvcRequestPostProcessors {
return new HttpBasicRequestPostProcessor(username, password);
}
/**
* Establish a {@link SecurityContext} that has a
* {@link OAuth2AuthenticationToken} for the
* {@link Authentication} and a {@link OAuth2AuthorizedClient} in
* the session. All details are
* declarative and do not require associated tokens to be valid.
*
* <p>
* The support works by associating the authentication to the HttpServletRequest. To associate
* the request to the SecurityContextHolder you need to ensure that the
* SecurityContextPersistenceFilter is associated with the MockMvc instance. A few
* ways to do this are:
* </p>
*
* <ul>
* <li>Invoking apply {@link SecurityMockMvcConfigurers#springSecurity()}</li>
* <li>Adding Spring Security's FilterChainProxy to MockMvc</li>
* <li>Manually adding {@link SecurityContextPersistenceFilter} to the MockMvc
* instance may make sense when using MockMvcBuilders standaloneSetup</li>
* </ul>
*
* @return the {@link OidcLoginRequestPostProcessor} for additional customization
* @since 5.3
*/
public static OidcLoginRequestPostProcessor oidcLogin() {
OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "access-token",
null, null, Collections.singleton("user"));
return new OidcLoginRequestPostProcessor(accessToken);
}
/**
* Populates the X509Certificate instances onto the request
*/
@ -1024,6 +1070,161 @@ public final class SecurityMockMvcRequestPostProcessors {
}
/**
* @author Josh Cummings
* @since 5.3
*/
public final static class OidcLoginRequestPostProcessor implements RequestPostProcessor {
private ClientRegistration clientRegistration;
private OAuth2AccessToken accessToken;
private OidcIdToken idToken;
private OidcUserInfo userInfo;
private OidcUser oidcUser;
private Collection<GrantedAuthority> authorities;
private OidcLoginRequestPostProcessor(OAuth2AccessToken accessToken) {
this.accessToken = accessToken;
this.clientRegistration = clientRegistrationBuilder().build();
}
/**
* Use the provided authorities in the {@link Authentication}
*
* @param authorities the authorities to use
* @return the {@link OidcLoginRequestPostProcessor} for further configuration
*/
public OidcLoginRequestPostProcessor authorities(Collection<GrantedAuthority> authorities) {
Assert.notNull(authorities, "authorities cannot be null");
this.authorities = authorities;
return this;
}
/**
* Use the provided authorities in the {@link Authentication}
*
* @param authorities the authorities to use
* @return the {@link OidcLoginRequestPostProcessor} for further configuration
*/
public OidcLoginRequestPostProcessor authorities(GrantedAuthority... authorities) {
Assert.notNull(authorities, "authorities cannot be null");
this.authorities = Arrays.asList(authorities);
return this;
}
/**
* Use the provided {@link OidcIdToken} when constructing the authenticated user
*
* @param idTokenBuilderConsumer a {@link Consumer} of a {@link OidcIdToken.Builder}
* @return the {@link OidcLoginRequestPostProcessor} for further configuration
*/
public OidcLoginRequestPostProcessor idToken(Consumer<OidcIdToken.Builder> idTokenBuilderConsumer) {
OidcIdToken.Builder builder = OidcIdToken.withTokenValue("id-token");
builder.subject("test-subject");
idTokenBuilderConsumer.accept(builder);
this.idToken = builder.build();
return this;
}
/**
* Use the provided {@link OidcUserInfo} when constructing the authenticated user
*
* @param userInfoBuilderConsumer a {@link Consumer} of a {@link OidcUserInfo.Builder}
* @return the {@link OidcLoginRequestPostProcessor} for further configuration
*/
public OidcLoginRequestPostProcessor userInfoToken(Consumer<OidcUserInfo.Builder> userInfoBuilderConsumer) {
OidcUserInfo.Builder builder = OidcUserInfo.builder();
userInfoBuilderConsumer.accept(builder);
this.userInfo = builder.build();
return this;
}
/**
* Use the provided {@link OidcUser} as the authenticated user.
*
* Supplying an {@link OidcUser} will take precedence over {@link #idToken}, {@link #userInfo},
* and list of {@link GrantedAuthority}s to use.
*
* @param oidcUser the {@link OidcUser} to use
* @return the {@link OidcLoginRequestPostProcessor} for further configuration
*/
public OidcLoginRequestPostProcessor oidcUser(OidcUser oidcUser) {
this.oidcUser = oidcUser;
return this;
}
/**
* Use the provided {@link ClientRegistration} as the client to authorize.
*
* The supplied {@link ClientRegistration} will be registered into an
* {@link HttpSessionOAuth2AuthorizedClientRepository}. Tests relying on
* {@link org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient}
* annotations should register an {@link HttpSessionOAuth2AuthorizedClientRepository} bean
* to the application context.
*
* The client registration must be a valid {@link ClientRegistration} from the
* {@link org.springframework.security.oauth2.client.registration.ClientRegistrationRepository}
* in the application context.
*
* @param clientRegistration the {@link ClientRegistration} to use
* @return the {@link OidcLoginRequestPostProcessor} for further configuration
*/
public OidcLoginRequestPostProcessor clientRegistration(ClientRegistration clientRegistration) {
this.clientRegistration = clientRegistration;
return this;
}
@Override
public MockHttpServletRequest postProcessRequest(MockHttpServletRequest request) {
OidcUser oidcUser = getOidcUser();
OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(oidcUser, oidcUser.getAuthorities(), this.clientRegistration.getRegistrationId());
OAuth2AuthorizedClient client = new OAuth2AuthorizedClient(this.clientRegistration, token.getName(), this.accessToken);
OAuth2AuthorizedClientRepository authorizedClientRepository = new HttpSessionOAuth2AuthorizedClientRepository();
authorizedClientRepository.saveAuthorizedClient(client, token, request, new MockHttpServletResponse());
return new AuthenticationRequestPostProcessor(token).postProcessRequest(request);
}
private ClientRegistration.Builder clientRegistrationBuilder() {
return ClientRegistration.withRegistrationId("test")
.authorizationGrantType(AuthorizationGrantType.PASSWORD)
.clientId("test-client")
.tokenUri("https://token-uri.example.org");
}
private Collection<GrantedAuthority> getAuthorities() {
if (this.authorities == null) {
Set<GrantedAuthority> authorities = new LinkedHashSet<>();
authorities.add(new OidcUserAuthority(getOidcIdToken(), getOidcUserInfo()));
for (String authority : this.accessToken.getScopes()) {
authorities.add(new SimpleGrantedAuthority("SCOPE_" + authority));
}
return authorities;
} else {
return this.authorities;
}
}
private OidcIdToken getOidcIdToken() {
if (this.idToken == null) {
return new OidcIdToken("id-token", null, null, Collections.singletonMap(IdTokenClaimNames.SUB, "test-subject"));
} else {
return this.idToken;
}
}
private OidcUserInfo getOidcUserInfo() {
return this.userInfo;
}
private OidcUser getOidcUser() {
if (this.oidcUser == null) {
return new DefaultOidcUser(getAuthorities(), getOidcIdToken(), this.userInfo);
} else {
return this.oidcUser;
}
}
}
private SecurityMockMvcRequestPostProcessors() {
}
}

View File

@ -0,0 +1,195 @@
/*
* Copyright 2002-2019 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.test.web.servlet.request;
import java.util.Collection;
import java.util.List;
import java.util.stream.Collectors;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.test.context.TestSecurityContextHolder;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.context.web.WebAppConfiguration;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.Mockito.mock;
import static org.powermock.api.mockito.PowerMockito.when;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.oidcLogin;
import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
/**
* Tests for {@link SecurityMockMvcRequestPostProcessors#oidcLogin()}
*
* @author Josh Cummings
* @since 5.3
*/
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration
@WebAppConfiguration
public class SecurityMockMvcRequestPostProcessorsOidcLoginTests {
@Autowired
WebApplicationContext context;
MockMvc mvc;
@Before
public void setup() {
// @formatter:off
this.mvc = MockMvcBuilders
.webAppContextSetup(this.context)
.apply(springSecurity())
.build();
// @formatter:on
}
@After
public void cleanup() {
TestSecurityContextHolder.clearContext();
}
@Test
public void oidcLoginWhenUsingDefaultsThenProducesDefaultAuthentication()
throws Exception {
this.mvc.perform(get("/name").with(oidcLogin()))
.andExpect(content().string("test-subject"));
this.mvc.perform(get("/admin/id-token/name").with(oidcLogin()))
.andExpect(status().isForbidden());
}
@Test
public void oidcLoginWhenUsingDefaultsThenProducesDefaultAuthorizedClient()
throws Exception {
ClientRegistration clientRegistration = ClientRegistration.withRegistrationId("test")
.authorizationGrantType(AuthorizationGrantType.PASSWORD)
.clientId("test-client")
.tokenUri("https://token-uri.example.org")
.build();
ClientRegistrationRepository repository = this.context.getBean(ClientRegistrationRepository.class);
when(repository.findByRegistrationId(anyString())).thenReturn(clientRegistration);
this.mvc.perform(get("/access-token").with(oidcLogin().clientRegistration(clientRegistration)))
.andExpect(content().string("access-token"));
}
@Test
public void oidcLoginWhenAuthoritiesSpecifiedThenGrantsAccess() throws Exception {
this.mvc.perform(get("/admin/scopes")
.with(oidcLogin().authorities(new SimpleGrantedAuthority("SCOPE_admin"))))
.andExpect(content().string("[\"SCOPE_admin\"]"));
}
@Test
public void oidcLoginWhenIdTokenSpecifiedThenUserHasClaims() throws Exception {
this.mvc.perform(get("/id-token/iss")
.with(oidcLogin().idToken(i -> i.issuer("https://idp.example.org"))))
.andExpect(content().string("https://idp.example.org"));
}
@Test
public void oidcLoginWhenUserInfoSpecifiedThenUserHasClaims() throws Exception {
this.mvc.perform(get("/user-info/email")
.with(oidcLogin().userInfoToken(u -> u.email("email@email"))))
.andExpect(content().string("email@email"));
}
@EnableWebSecurity
@EnableWebMvc
static class OAuth2LoginConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.mvcMatchers("/admin/**").hasAuthority("SCOPE_admin")
.anyRequest().hasAuthority("SCOPE_user")
.and()
.oauth2Login();
}
@Bean
ClientRegistrationRepository clientRegistrationRepository() {
return mock(ClientRegistrationRepository.class);
}
@Bean
OAuth2AuthorizedClientRepository oAuth2AuthorizedClientRepository() {
return new HttpSessionOAuth2AuthorizedClientRepository();
}
@RestController
static class PrincipalController {
@GetMapping("/name")
String name(@AuthenticationPrincipal OidcUser oidcUser) {
return oidcUser.getName();
}
@GetMapping("/access-token")
String authorizedClient(@RegisteredOAuth2AuthorizedClient OAuth2AuthorizedClient authorizedClient) {
return authorizedClient.getAccessToken().getTokenValue();
}
@GetMapping("/id-token/{claim}")
String idTokenClaim(@AuthenticationPrincipal OidcUser oidcUser, @PathVariable("claim") String claim) {
return oidcUser.getIdToken().getClaim(claim);
}
@GetMapping("/user-info/{claim}")
String userInfoClaim(@AuthenticationPrincipal OidcUser oidcUser, @PathVariable("claim") String claim) {
return oidcUser.getUserInfo().getClaim(claim);
}
@GetMapping("/admin/scopes")
List<String> scopes(@AuthenticationPrincipal(expression = "authorities")
Collection<GrantedAuthority> authorities) {
return authorities.stream().map(GrantedAuthority::getAuthority)
.collect(Collectors.toList());
}
}
}
}