Add tests for overriding parameters

Issue gh-15298 Issue gh-11298
2024-09-14 16:05:12 -05:00 · 2024-09-14 16:05:12 -05:00 · c1a303bc92
parent 5d8cf6a8bc
commit c1a303bc92
5 changed files with 160 additions and 0 deletions
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/RestClientAuthorizationCodeTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/RestClientAuthorizationCodeTokenResponseClientTests.java
@ -445,6 +445,38 @@ public class RestClientAuthorizationCodeTokenResponseClientTests {
 		assertThat(formParameters).contains("custom-parameter-name=custom-parameter-value");
 	}

+	@Test
+	public void getTokenResponseWhenParametersConverterSetThenAbleToOverrideDefaultParameters() throws Exception {
+		this.clientRegistration.clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_POST);
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+				+ "   \"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n"
+				+ "   \"expires_in\": \"3600\"\n"
+				+ "}\n";
+		// @formatter:on
+		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
+		ClientRegistration clientRegistration = this.clientRegistration.build();
+		OAuth2AuthorizationCodeGrantRequest grantRequest = new OAuth2AuthorizationCodeGrantRequest(clientRegistration,
+				this.authorizationExchange);
+		MultiValueMap<String, String> parameters = new LinkedMultiValueMap<>();
+		parameters.set(OAuth2ParameterNames.GRANT_TYPE, "custom");
+		parameters.set(OAuth2ParameterNames.CODE, "custom-code");
+		parameters.set(OAuth2ParameterNames.REDIRECT_URI, "custom-uri");
+		// The client_id parameter is omitted for testing purposes
+		this.tokenResponseClient.setParametersConverter((authorizationGrantRequest) -> parameters);
+		this.tokenResponseClient.getTokenResponse(grantRequest);
+		RecordedRequest recordedRequest = this.server.takeRequest();
+		String formParameters = recordedRequest.getBody().readUtf8();
+		// @formatter:off
+		assertThat(formParameters).contains(
+				param(OAuth2ParameterNames.GRANT_TYPE, "custom"),
+				param(OAuth2ParameterNames.CODE, "custom-code"),
+				param(OAuth2ParameterNames.REDIRECT_URI, "custom-uri"));
+		// @formatter:on
+		assertThat(formParameters).doesNotContain(OAuth2ParameterNames.CLIENT_ID);
+	}
+
 	@Test
 	public void getTokenResponseWhenParametersConverterAddedThenCalled() throws Exception {
 		// @formatter:off
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/RestClientClientCredentialsTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/RestClientClientCredentialsTokenResponseClientTests.java
@ -453,6 +453,38 @@ public class RestClientClientCredentialsTokenResponseClientTests {
 		assertThat(formParameters).contains("custom-parameter-name=custom-parameter-value");
 	}

+	@Test
+	public void getTokenResponseWhenParametersConverterSetThenAbleToOverrideDefaultParameters() throws Exception {
+		this.clientRegistration.clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_POST);
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+				+ "   \"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n"
+				+ "   \"expires_in\": \"3600\"\n"
+				+ "}\n";
+		// @formatter:on
+		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
+		ClientRegistration clientRegistration = this.clientRegistration.build();
+		OAuth2ClientCredentialsGrantRequest grantRequest = new OAuth2ClientCredentialsGrantRequest(clientRegistration);
+		Converter<OAuth2ClientCredentialsGrantRequest, MultiValueMap<String, String>> parametersConverter = mock(
+				Converter.class);
+		MultiValueMap<String, String> parameters = new LinkedMultiValueMap<>();
+		parameters.set(OAuth2ParameterNames.GRANT_TYPE, "custom");
+		parameters.set(OAuth2ParameterNames.SCOPE, "one two");
+		// The client_id parameter is omitted for testing purposes
+		given(parametersConverter.convert(grantRequest)).willReturn(parameters);
+		this.tokenResponseClient.setParametersConverter((authorizationGrantRequest) -> parameters);
+		this.tokenResponseClient.getTokenResponse(grantRequest);
+		RecordedRequest recordedRequest = this.server.takeRequest();
+		String formParameters = recordedRequest.getBody().readUtf8();
+		// @formatter:off
+		assertThat(formParameters).contains(
+				param(OAuth2ParameterNames.GRANT_TYPE, "custom"),
+				param(OAuth2ParameterNames.SCOPE, "one two"));
+		// @formatter:on
+		assertThat(formParameters).doesNotContain(OAuth2ParameterNames.CLIENT_ID);
+	}
+
 	@Test
 	public void getTokenResponseWhenParametersConverterAddedThenCalled() throws Exception {
 		// @formatter:off
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/RestClientJwtBearerTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/RestClientJwtBearerTokenResponseClientTests.java
@ -396,6 +396,38 @@ public class RestClientJwtBearerTokenResponseClientTests {

 	@Test
 	public void getTokenResponseWhenParametersConverterSetThenCalled() throws Exception {
+		this.clientRegistration.clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_POST);
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+				+ "   \"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n"
+				+ "   \"expires_in\": \"3600\"\n"
+				+ "}\n";
+		// @formatter:on
+		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
+		ClientRegistration clientRegistration = this.clientRegistration.build();
+		JwtBearerGrantRequest grantRequest = new JwtBearerGrantRequest(clientRegistration, this.jwtAssertion);
+		MultiValueMap<String, String> parameters = new LinkedMultiValueMap<>();
+		parameters.set(OAuth2ParameterNames.GRANT_TYPE, "custom");
+		parameters.set(OAuth2ParameterNames.ASSERTION, "custom-assertion");
+		parameters.set(OAuth2ParameterNames.SCOPE, "one two");
+		// The client_id parameter is omitted for testing purposes
+		this.tokenResponseClient.setParametersConverter((authorizationGrantRequest) -> parameters);
+		this.tokenResponseClient.getTokenResponse(grantRequest);
+		RecordedRequest recordedRequest = this.server.takeRequest();
+		String formParameters = recordedRequest.getBody().readUtf8();
+		// @formatter:off
+		assertThat(formParameters).contains(
+				param(OAuth2ParameterNames.GRANT_TYPE, "custom"),
+				param(OAuth2ParameterNames.ASSERTION, "custom-assertion"),
+				param(OAuth2ParameterNames.SCOPE, "one two"));
+		// @formatter:on
+		assertThat(formParameters).doesNotContain(OAuth2ParameterNames.CLIENT_ID);
+	}
+
+	@Test
+	public void getTokenResponseWhenParametersConverterSetThenAbleToOverrideDefaultParameters() throws Exception {
+		this.clientRegistration.clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_POST);
 		// @formatter:off
 		String accessTokenSuccessResponse = "{\n"
 				+ "   \"access_token\": \"access-token-1234\",\n"
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/RestClientRefreshTokenTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/RestClientRefreshTokenTokenResponseClientTests.java
@ -473,6 +473,38 @@ public class RestClientRefreshTokenTokenResponseClientTests {
 		assertThat(formParameters).contains("custom-parameter-name=custom-parameter-value");
 	}

+	@Test
+	public void getTokenResponseWhenParametersConverterSetThenAbleToOverrideDefaultParameters() throws Exception {
+		this.clientRegistration.clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_POST);
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+				+ "   \"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n"
+				+ "   \"expires_in\": \"3600\"\n"
+				+ "}\n";
+		// @formatter:on
+		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
+		ClientRegistration clientRegistration = this.clientRegistration.build();
+		OAuth2RefreshTokenGrantRequest grantRequest = new OAuth2RefreshTokenGrantRequest(clientRegistration,
+				this.accessToken, this.refreshToken);
+		MultiValueMap<String, String> parameters = new LinkedMultiValueMap<>();
+		parameters.set(OAuth2ParameterNames.GRANT_TYPE, "custom");
+		parameters.set(OAuth2ParameterNames.REFRESH_TOKEN, "custom-token");
+		parameters.set(OAuth2ParameterNames.SCOPE, "one two");
+		// The client_id parameter is omitted for testing purposes
+		this.tokenResponseClient.setParametersConverter((authorizationGrantRequest) -> parameters);
+		this.tokenResponseClient.getTokenResponse(grantRequest);
+		RecordedRequest recordedRequest = this.server.takeRequest();
+		String formParameters = recordedRequest.getBody().readUtf8();
+		// @formatter:off
+		assertThat(formParameters).contains(
+				param(OAuth2ParameterNames.GRANT_TYPE, "custom"),
+				param(OAuth2ParameterNames.REFRESH_TOKEN, "custom-token"),
+				param(OAuth2ParameterNames.SCOPE, "one two"));
+		// @formatter:on
+		assertThat(formParameters).doesNotContain(OAuth2ParameterNames.CLIENT_ID);
+	}
+
 	@Test
 	public void getTokenResponseWhenParametersConverterAddedThenCalled() throws Exception {
 		// @formatter:off
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/RestClientTokenExchangeTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/RestClientTokenExchangeTokenResponseClientTests.java
@ -569,6 +569,38 @@ public class RestClientTokenExchangeTokenResponseClientTests {
 		assertThat(formParameters).contains("custom-parameter-name=custom-parameter-value");
 	}

+	@Test
+	public void getTokenResponseWhenParametersConverterSetThenAbleToOverrideDefaultParameters() throws Exception {
+		this.clientRegistration.clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_POST);
+		// @formatter:off
+		String accessTokenSuccessResponse = "{\n"
+				+ "   \"access_token\": \"access-token-1234\",\n"
+				+ "   \"token_type\": \"bearer\",\n"
+				+ "   \"expires_in\": \"3600\"\n"
+				+ "}\n";
+		// @formatter:on
+		this.server.enqueue(jsonResponse(accessTokenSuccessResponse));
+		ClientRegistration clientRegistration = this.clientRegistration.build();
+		TokenExchangeGrantRequest grantRequest = new TokenExchangeGrantRequest(clientRegistration, this.subjectToken,
+				this.actorToken);
+		MultiValueMap<String, String> parameters = new LinkedMultiValueMap<>();
+		parameters.set(OAuth2ParameterNames.GRANT_TYPE, "custom");
+		parameters.set(OAuth2ParameterNames.SCOPE, "one two");
+		parameters.set(OAuth2ParameterNames.SUBJECT_TOKEN, "custom-token");
+		// The client_id parameter is omitted for testing purposes
+		this.tokenResponseClient.setParametersConverter((authorizationGrantRequest) -> parameters);
+		this.tokenResponseClient.getTokenResponse(grantRequest);
+		RecordedRequest recordedRequest = this.server.takeRequest();
+		String formParameters = recordedRequest.getBody().readUtf8();
+		// @formatter:off
+		assertThat(formParameters).contains(
+				param(OAuth2ParameterNames.GRANT_TYPE, "custom"),
+				param(OAuth2ParameterNames.SCOPE, "one two"),
+				param(OAuth2ParameterNames.SUBJECT_TOKEN, "custom-token"));
+		// @formatter:on
+		assertThat(formParameters).doesNotContain(OAuth2ParameterNames.CLIENT_ID);
+	}
+
 	@Test
 	public void getTokenResponseWhenParametersConverterAddedThenCalled() throws Exception {
 		// @formatter:off