diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationProvider.java
index e86a4e78e8..e5d6a3095f 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationProvider.java
@@ -45,7 +45,7 @@ import java.util.Collection;
* id token credential (for OpenID Connect Authorization Code Flow).
* Additionally, it will also obtain the end-user's (resource owner) attributes from the UserInfo Endpoint
* (using the access token) and create a Principal
in the form of an {@link OAuth2User}
- * associating it with the returned {@link OAuth2AuthenticationToken}.
+ * associating it with the returned {@link OAuth2UserAuthenticationToken}.
*
*
* The {@link AuthorizationCodeAuthenticationProvider} uses an {@link AuthorizationGrantTokenExchanger}
@@ -54,19 +54,21 @@ import java.util.Collection;
* If the request is valid, the authorization server will respond back with a {@link TokenResponseAttributes}.
*
*
- * It will then create an {@link OAuth2AuthenticationToken} associating the {@link AccessToken} and optionally
+ * It will then create an {@link OAuth2ClientAuthenticationToken} associating the {@link AccessToken} and optionally
* the {@link IdToken} from the {@link TokenResponseAttributes} and pass it to
- * {@link OAuth2UserService#loadUser(OAuth2AuthenticationToken)} to obtain the end-user's (resource owner) attributes
+ * {@link OAuth2UserService#loadUser(OAuth2ClientAuthenticationToken)} to obtain the end-user's (resource owner) attributes
* in the form of an {@link OAuth2User}.
*
*
- * Finally, it will create another {@link OAuth2AuthenticationToken}, this time associating
- * the {@link AccessToken}, {@link IdToken} and {@link OAuth2User} and return it to the {@link AuthenticationManager},
- * at which point the {@link OAuth2AuthenticationToken} is considered "authenticated".
+ * Finally, it will create an {@link OAuth2UserAuthenticationToken}, associating the {@link OAuth2User}
+ * and {@link OAuth2ClientAuthenticationToken} and return it to the {@link AuthenticationManager},
+ * at which point the {@link OAuth2UserAuthenticationToken} is considered "authenticated".
*
* @author Joe Grandja
* @since 5.0
* @see AuthorizationCodeAuthenticationToken
+ * @see OAuth2ClientAuthenticationToken
+ * @see OAuth2UserAuthenticationToken
* @see AuthorizationGrantTokenExchanger
* @see TokenResponseAttributes
* @see AccessToken
@@ -126,23 +128,22 @@ public class AuthorizationCodeAuthenticationProvider implements AuthenticationPr
idToken = new IdToken(jwt.getTokenValue(), jwt.getIssuedAt(), jwt.getExpiresAt(), jwt.getClaims());
}
- OAuth2AuthenticationToken accessTokenAuthentication =
- new OAuth2AuthenticationToken(clientRegistration, accessToken, idToken);
- accessTokenAuthentication.setDetails(authorizationCodeAuthentication.getDetails());
+ OAuth2ClientAuthenticationToken oauth2ClientAuthentication =
+ new OAuth2ClientAuthenticationToken(clientRegistration, accessToken, idToken);
+ oauth2ClientAuthentication.setDetails(authorizationCodeAuthentication.getDetails());
- OAuth2User user = this.userInfoService.loadUser(accessTokenAuthentication);
+ OAuth2User user = this.userInfoService.loadUser(oauth2ClientAuthentication);
Collection extends GrantedAuthority> authorities =
this.authoritiesMapper.mapAuthorities(user.getAuthorities());
- OAuth2AuthenticationToken authenticationResult = new OAuth2AuthenticationToken(
- user, authorities, accessTokenAuthentication.getClientRegistration(),
- accessTokenAuthentication.getAccessToken(), accessTokenAuthentication.getIdToken());
- authenticationResult.setDetails(accessTokenAuthentication.getDetails());
+ OAuth2UserAuthenticationToken oauth2UserAuthentication =
+ new OAuth2UserAuthenticationToken(user, authorities, oauth2ClientAuthentication);
+ oauth2UserAuthentication.setDetails(oauth2ClientAuthentication.getDetails());
- this.accessTokenRepository.saveSecurityToken(accessToken, authenticationResult);
+ this.accessTokenRepository.saveSecurityToken(accessToken, oauth2UserAuthentication);
- return authenticationResult;
+ return oauth2UserAuthentication;
}
public final void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper) {
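Review bot: The result of `this.userInfoService.loadUser(oauth2ClientAuthentication)` is dereferenced at `user.getAuthorities()` with no null check, so an `OAuth2UserService` that returns null ends the login with a NullPointerException instead of an authentication failure. The null assertion in the new `OAuth2UserAuthenticationToken` constructor runs one statement too late to catch it. A guard right after the call, for example `if (user == null) { throw new AuthenticationServiceException("userInfoService returned no user"); }`, would keep the failure on the authentication exception path; the import for that exception is not visible in this hunk. The enclosing method starts above the hunk.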
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationToken.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationToken.java
index 6a510d5ff1..6d241c92c7 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationToken.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationToken.java
@@ -45,7 +45,7 @@ public class AuthorizationCodeAuthenticationToken extends AuthorizationGrantAuth
@Override
public Object getPrincipal() {
- return null;
+ return this.getClientRegistration().getClientId();
}
@Override
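Review bot: `getPrincipal()` now returns the OAuth client's `client_id` for what appears to be the not-yet-exchanged authorization code grant, and nothing in the method says so. Code that reads the principal, or the name derived from it, for logging or auditing will now see a client identifier where it previously saw null, which is easy to mistake for an end-user. A short comment such as `// The principal of the grant request is the client (client_id), never the end-user` would make that explicit. Whether `getClientRegistration()` can return null here depends on the superclass constructor, which is outside the hunk; if it can, this line throws instead of returning null.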
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationToken.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2ClientAuthenticationToken.java
similarity index 59%
rename from oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationToken.java
rename to oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2ClientAuthenticationToken.java
index 4404d21345..25a10f7574 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationToken.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2ClientAuthenticationToken.java
@@ -17,68 +17,56 @@ package org.springframework.security.oauth2.client.authentication;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.SpringSecurityCoreVersion;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
-import org.springframework.security.oauth2.client.user.OAuth2UserService;
import org.springframework.security.oauth2.core.AccessToken;
-import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.security.oauth2.oidc.core.IdToken;
import org.springframework.util.Assert;
-import java.util.Collection;
-
/**
* An implementation of an {@link AbstractAuthenticationToken}
- * that represents an OAuth 2.0 {@link Authentication}.
+ * that represents an OAuth 2.0 Client {@link Authentication}.
*
*
- * It associates an {@link OAuth2User}, {@link ClientRegistration}, {@link AccessToken} and optionally an {@link IdToken}.
- * This Authentication
is considered "authenticated" if the {@link OAuth2User}
- * is provided in the respective constructor. This typically happens after the {@link OAuth2UserService}
- * retrieves the end-user's (resource owner) attributes from the UserInfo Endpoint.
+ * A client is considered "authenticated",
+ * if it receives a successful response from the Token Endpoint.
+ * This {@link Authentication} associates the client identified in {@link #getClientRegistration()}
+ * to the {@link #getAccessToken()} granted by the resource owner.
*
* @author Joe Grandja
* @since 5.0
- * @see OAuth2User
* @see ClientRegistration
* @see AccessToken
* @see IdToken
+ * @see Section 5.1 Access Token Response
*/
-public class OAuth2AuthenticationToken extends AbstractAuthenticationToken {
+public class OAuth2ClientAuthenticationToken extends AbstractAuthenticationToken {
private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
- private final OAuth2User principal;
private final ClientRegistration clientRegistration;
private final AccessToken accessToken;
private final IdToken idToken;
- public OAuth2AuthenticationToken(ClientRegistration clientRegistration, AccessToken accessToken, IdToken idToken) {
- this(null, AuthorityUtils.NO_AUTHORITIES, clientRegistration, accessToken, idToken);
- }
+ public OAuth2ClientAuthenticationToken(ClientRegistration clientRegistration,
+ AccessToken accessToken, IdToken idToken) {
- public OAuth2AuthenticationToken(OAuth2User principal, Collection extends GrantedAuthority> authorities,
- ClientRegistration clientRegistration, AccessToken accessToken, IdToken idToken) {
-
- super(authorities);
+ super(AuthorityUtils.NO_AUTHORITIES);
Assert.notNull(clientRegistration, "clientRegistration cannot be null");
Assert.notNull(accessToken, "accessToken cannot be null");
- this.principal = principal;
this.clientRegistration = clientRegistration;
this.accessToken = accessToken;
this.idToken = idToken;
- this.setAuthenticated(principal != null);
+ this.setAuthenticated(true); // The Client is authenticated by the Authorization Server
}
@Override
public Object getPrincipal() {
- return this.principal;
+ return this.getClientRegistration().getClientId();
}
@Override
public Object getCredentials() {
- // Credentials are never exposed (by the Provider) for an OAuth2 User
- return "";
+ return this.getAccessToken();
}
public ClientRegistration getClientRegistration() {
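Review bot: The public constructor calls `this.setAuthenticated(true)` unconditionally, so any caller that supplies a non-null `ClientRegistration` and `AccessToken` gets a trusted `Authentication` without the class verifying that a token response was actually received. The inline comment states the assumption, but it belongs in constructor Javadoc, e.g. `/** Must only be called by an AuthenticationProvider after a successful Token Endpoint response; the resulting token is trusted. */`. The same applies to the constructor of the new `OAuth2UserAuthenticationToken`. In addition, `getCredentials()` now returns the `AccessToken` itself, so the bearer token stays reachable from the authentication object unless `AccessToken` takes part in credential erasure, which this diff does not show. `getClientRegistration()` continues past the end of the hunk.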
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2UserAuthenticationToken.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2UserAuthenticationToken.java
new file mode 100644
index 0000000000..75e2cc40ef
--- /dev/null
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2UserAuthenticationToken.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2012-2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.client.authentication;
+
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.SpringSecurityCoreVersion;
+import org.springframework.security.oauth2.core.user.OAuth2User;
+import org.springframework.util.Assert;
+
+import java.util.Collection;
+
+/**
+ * An implementation of an {@link AbstractAuthenticationToken}
+ * that represents an OAuth 2.0 User {@link Authentication}.
+ *
+ *
+ * This {@link Authentication} associates an {@link OAuth2User} principal
+ * to an "Authorized Client" identified in {@link #getClientAuthentication()}.
+ *
+ * @author Joe Grandja
+ * @since 5.0
+ * @see OAuth2User
+ * @see OAuth2ClientAuthenticationToken
+ */
+public class OAuth2UserAuthenticationToken extends AbstractAuthenticationToken {
+ private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+ private final OAuth2User principal;
+ private final OAuth2ClientAuthenticationToken clientAuthentication;
+
+ public OAuth2UserAuthenticationToken(OAuth2User principal, Collection extends GrantedAuthority> authorities,
+ OAuth2ClientAuthenticationToken clientAuthentication) {
+ super(authorities);
+ Assert.notNull(principal, "principal cannot be null");
+ Assert.notNull(clientAuthentication, "clientAuthentication cannot be null");
+ this.principal = principal;
+ this.clientAuthentication = clientAuthentication;
+ this.setAuthenticated(true);
+ }
+
+ @Override
+ public Object getPrincipal() {
+ return this.principal;
+ }
+
+ @Override
+ public Object getCredentials() {
+ // Credentials are never exposed (by the Provider) for an OAuth2 User
+ return "";
+ }
+
+ public OAuth2ClientAuthenticationToken getClientAuthentication() {
+ return this.clientAuthentication;
+ }
+}
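Review bot: The comment in `getCredentials()` says credentials are never exposed for an OAuth2 user, yet `getClientAuthentication().getCredentials()` on the same object returns the access token (see `OAuth2ClientAuthenticationToken.getCredentials()` in this commit). Since this is the authentication handed back to the `AuthenticationManager`, the bearer token travels wherever this object is stored or serialized. The comment should say so, for example `// The user has no credentials of its own; the access token is held by getClientAuthentication()`. The class Javadoc should also state that the nested client authentication carries the token.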
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/token/InMemoryAccessTokenRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/token/InMemoryAccessTokenRepository.java
index e4e1cb6e7f..98a8f08fb1 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/token/InMemoryAccessTokenRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/token/InMemoryAccessTokenRepository.java
@@ -15,7 +15,7 @@
*/
package org.springframework.security.oauth2.client.token;
-import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
+import org.springframework.security.oauth2.client.authentication.OAuth2UserAuthenticationToken;
import org.springframework.security.oauth2.core.AccessToken;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.security.oauth2.oidc.core.user.OidcUser;
@@ -37,25 +37,25 @@ public final class InMemoryAccessTokenRepository implements SecurityTokenReposit
private final Map accessTokens = new HashMap<>();
@Override
- public AccessToken loadSecurityToken(OAuth2AuthenticationToken authentication) {
+ public AccessToken loadSecurityToken(OAuth2UserAuthenticationToken authentication) {
Assert.notNull(authentication, "authentication cannot be null");
return this.accessTokens.get(this.resolveAuthenticationKey(authentication));
}
@Override
- public void saveSecurityToken(AccessToken accessToken, OAuth2AuthenticationToken authentication) {
+ public void saveSecurityToken(AccessToken accessToken, OAuth2UserAuthenticationToken authentication) {
Assert.notNull(accessToken, "accessToken cannot be null");
Assert.notNull(authentication, "authentication cannot be null");
this.accessTokens.put(this.resolveAuthenticationKey(authentication), accessToken);
}
@Override
- public void removeSecurityToken(OAuth2AuthenticationToken authentication) {
+ public void removeSecurityToken(OAuth2UserAuthenticationToken authentication) {
Assert.notNull(authentication, "authentication cannot be null");
this.accessTokens.remove(this.resolveAuthenticationKey(authentication));
}
- private String resolveAuthenticationKey(OAuth2AuthenticationToken authentication) {
+ private String resolveAuthenticationKey(OAuth2UserAuthenticationToken authentication) {
String authenticationKey;
OAuth2User oauth2User = (OAuth2User) authentication.getPrincipal();
@@ -63,8 +63,8 @@ public final class InMemoryAccessTokenRepository implements SecurityTokenReposit
OidcUser oidcUser = (OidcUser)oauth2User;
authenticationKey = oidcUser.getIssuer().toString() + "-" + oidcUser.getSubject();
} else {
- authenticationKey = authentication.getClientRegistration().getProviderDetails().getUserInfoUri() +
- "-" + oauth2User.getName();
+ authenticationKey = authentication.getClientAuthentication().getClientRegistration()
+ .getProviderDetails().getUserInfoUri() + "-" + oauth2User.getName();
}
return authenticationKey;
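Review bot: The repository key is the UserInfo URI plus the user name in the non-OIDC branch and the issuer plus subject in the OIDC branch; neither includes the client. If an application registers two clients against the same provider, the same user maps to one entry for both, so saving a token for one client replaces the token stored for the other. The client is now reachable through the authentication, so it can be added with `String clientId = authentication.getClientAuthentication().getClientRegistration().getClientId();` and `+ "-" + clientId` appended to both keys. `resolveAuthenticationKey` starts in the previous hunk, and its closing brace is outside this one.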
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/token/SecurityTokenRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/token/SecurityTokenRepository.java
index 65152a5567..47758104c1 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/token/SecurityTokenRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/token/SecurityTokenRepository.java
@@ -15,22 +15,22 @@
*/
package org.springframework.security.oauth2.client.token;
-import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
+import org.springframework.security.oauth2.client.authentication.OAuth2UserAuthenticationToken;
import org.springframework.security.oauth2.core.SecurityToken;
/**
* Implementations of this interface are responsible for the persistence
- * of {@link SecurityToken}(s) that are associated to an {@link OAuth2AuthenticationToken}.
+ * of {@link SecurityToken}(s) that are associated to an {@link OAuth2UserAuthenticationToken}.
*
* @author Joe Grandja
* @since 5.0
*/
public interface SecurityTokenRepository {
- T loadSecurityToken(OAuth2AuthenticationToken authentication);
+ T loadSecurityToken(OAuth2UserAuthenticationToken authentication);
- void saveSecurityToken(T securityToken, OAuth2AuthenticationToken authentication);
+ void saveSecurityToken(T securityToken, OAuth2UserAuthenticationToken authentication);
- void removeSecurityToken(OAuth2AuthenticationToken authentication);
+ void removeSecurityToken(OAuth2UserAuthenticationToken authentication);
}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/OAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/OAuth2UserService.java
index b765d549e2..01c3f667d8 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/OAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/OAuth2UserService.java
@@ -17,7 +17,7 @@ package org.springframework.security.oauth2.client.user;
import org.springframework.security.core.AuthenticatedPrincipal;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationException;
-import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
+import org.springframework.security.oauth2.client.authentication.OAuth2ClientAuthenticationToken;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.security.oauth2.oidc.core.UserInfo;
import org.springframework.security.oauth2.oidc.core.user.OidcUser;
@@ -25,12 +25,12 @@ import org.springframework.security.oauth2.oidc.core.user.OidcUser;
/**
* Implementations of this interface are responsible for obtaining
* the end-user's (resource owner) attributes from the UserInfo Endpoint
- * using the provided {@link OAuth2AuthenticationToken#getAccessToken()}
+ * using the provided {@link OAuth2ClientAuthenticationToken#getAccessToken()}
* and returning an {@link AuthenticatedPrincipal} in the form of an {@link OAuth2User}.
*
* @author Joe Grandja
* @since 5.0
- * @see OAuth2AuthenticationToken
+ * @see OAuth2ClientAuthenticationToken
* @see AuthenticatedPrincipal
* @see OAuth2User
* @see OidcUser
@@ -38,6 +38,6 @@ import org.springframework.security.oauth2.oidc.core.user.OidcUser;
*/
public interface OAuth2UserService {
- OAuth2User loadUser(OAuth2AuthenticationToken token) throws OAuth2AuthenticationException;
+ OAuth2User loadUser(OAuth2ClientAuthenticationToken token) throws OAuth2AuthenticationException;
}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/web/nimbus/NimbusOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/web/nimbus/NimbusOAuth2UserService.java
index b650e65cde..47647831e4 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/web/nimbus/NimbusOAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/web/nimbus/NimbusOAuth2UserService.java
@@ -29,7 +29,7 @@ import org.springframework.http.converter.json.MappingJackson2HttpMessageConvert
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationException;
-import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
+import org.springframework.security.oauth2.client.authentication.OAuth2ClientAuthenticationToken;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.user.OAuth2UserService;
import org.springframework.security.oauth2.core.OAuth2Error;
@@ -64,7 +64,7 @@ import java.util.Set;
*
* @author Joe Grandja
* @since 5.0
- * @see OAuth2AuthenticationToken
+ * @see OAuth2ClientAuthenticationToken
* @see OAuth2User
* @see OidcUser
* @see UserInfo
@@ -80,7 +80,7 @@ public class NimbusOAuth2UserService implements OAuth2UserService {
}
@Override
- public final OAuth2User loadUser(OAuth2AuthenticationToken token) throws OAuth2AuthenticationException {
+ public final OAuth2User loadUser(OAuth2ClientAuthenticationToken token) throws OAuth2AuthenticationException {
URI userInfoUri = this.getUserInfoUri(token);
if (this.getCustomUserTypes().containsKey(userInfoUri)) {
@@ -93,7 +93,7 @@ public class NimbusOAuth2UserService implements OAuth2UserService {
return this.loadOAuth2User(token);
}
- protected OAuth2User loadOidcUser(OAuth2AuthenticationToken token) throws OAuth2AuthenticationException {
+ protected OAuth2User loadOidcUser(OAuth2ClientAuthenticationToken token) throws OAuth2AuthenticationException {
// TODO Retrieving the UserInfo should be optional. Need to add the capability for opting in/out
Map userAttributes = this.getUserInfo(token);
UserInfo userInfo = new UserInfo(userAttributes);
@@ -105,7 +105,7 @@ public class NimbusOAuth2UserService implements OAuth2UserService {
return new DefaultOidcUser(authorities, token.getIdToken(), userInfo);
}
- protected OAuth2User loadOAuth2User(OAuth2AuthenticationToken token) throws OAuth2AuthenticationException {
+ protected OAuth2User loadOAuth2User(OAuth2ClientAuthenticationToken token) throws OAuth2AuthenticationException {
URI userInfoUri = this.getUserInfoUri(token);
if (!this.getUserNameAttributeNames().containsKey(userInfoUri)) {
throw new IllegalArgumentException("The attribute name for the \"user's name\" is required for the OAuth2User " +
@@ -122,7 +122,7 @@ public class NimbusOAuth2UserService implements OAuth2UserService {
return new DefaultOAuth2User(authorities, userAttributes, userNameAttributeName);
}
- protected OAuth2User loadCustomUser(OAuth2AuthenticationToken token) throws OAuth2AuthenticationException {
+ protected OAuth2User loadCustomUser(OAuth2ClientAuthenticationToken token) throws OAuth2AuthenticationException {
URI userInfoUri = this.getUserInfoUri(token);
Class extends OAuth2User> customUserType = this.getCustomUserTypes().get(userInfoUri);
@@ -146,7 +146,7 @@ public class NimbusOAuth2UserService implements OAuth2UserService {
return user;
}
- protected Map getUserInfo(OAuth2AuthenticationToken token) throws OAuth2AuthenticationException {
+ protected Map getUserInfo(OAuth2ClientAuthenticationToken token) throws OAuth2AuthenticationException {
URI userInfoUri = this.getUserInfoUri(token);
BearerAccessToken accessToken = new BearerAccessToken(token.getAccessToken().getTokenValue());
@@ -219,7 +219,7 @@ public class NimbusOAuth2UserService implements OAuth2UserService {
this.customUserTypes = Collections.unmodifiableMap(new HashMap<>(customUserTypes));
}
- private URI getUserInfoUri(OAuth2AuthenticationToken token) {
+ private URI getUserInfoUri(OAuth2ClientAuthenticationToken token) {
ClientRegistration clientRegistration = token.getClientRegistration();
try {
return new URI(clientRegistration.getProviderDetails().getUserInfoUri());
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationCodeAuthenticationProcessingFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationCodeAuthenticationProcessingFilter.java
index 50fa541f49..3717309020 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationCodeAuthenticationProcessingFilter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationCodeAuthenticationProcessingFilter.java
@@ -21,7 +21,8 @@ import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationProvider;
import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationToken;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationException;
-import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
+import org.springframework.security.oauth2.client.authentication.OAuth2ClientAuthenticationToken;
+import org.springframework.security.oauth2.client.authentication.OAuth2UserAuthenticationToken;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.user.OAuth2UserService;
@@ -29,7 +30,11 @@ import org.springframework.security.oauth2.client.web.converter.AuthorizationCod
import org.springframework.security.oauth2.client.web.converter.ErrorResponseAttributesConverter;
import org.springframework.security.oauth2.core.AccessToken;
import org.springframework.security.oauth2.core.OAuth2Error;
-import org.springframework.security.oauth2.core.endpoint.*;
+import org.springframework.security.oauth2.core.endpoint.AuthorizationCodeAuthorizationResponseAttributes;
+import org.springframework.security.oauth2.core.endpoint.AuthorizationRequestAttributes;
+import org.springframework.security.oauth2.core.endpoint.ErrorResponseAttributes;
+import org.springframework.security.oauth2.core.endpoint.OAuth2Parameter;
+import org.springframework.security.oauth2.core.endpoint.TokenResponseAttributes;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
@@ -70,16 +75,16 @@ import java.io.IOException;
* If the request is valid, the authorization server will respond back with a {@link TokenResponseAttributes}.
*
*
- * The {@link AuthorizationCodeAuthenticationProvider} will then create a new {@link OAuth2AuthenticationToken}
+ * The {@link AuthorizationCodeAuthenticationProvider} will then create a new {@link OAuth2ClientAuthenticationToken}
* associating the {@link AccessToken} from the {@link TokenResponseAttributes} and pass it to
- * {@link OAuth2UserService#loadUser(OAuth2AuthenticationToken)}. The {@link OAuth2UserService} will make a request
+ * {@link OAuth2UserService#loadUser(OAuth2ClientAuthenticationToken)}. The {@link OAuth2UserService} will make a request
* to the authorization server's UserInfo Endpoint (using the {@link AccessToken})
* to obtain the end-user's (resource owner) attributes and return it in the form of an {@link OAuth2User}.
*
*
- * The {@link AuthorizationCodeAuthenticationProvider} will create another new {@link OAuth2AuthenticationToken}
- * but this time associating the {@link AccessToken} and {@link OAuth2User} returned from the {@link OAuth2UserService}.
- * Finally, the {@link OAuth2AuthenticationToken} is returned to the {@link AuthenticationManager}
+ * The {@link AuthorizationCodeAuthenticationProvider} will then create a {@link OAuth2UserAuthenticationToken}
+ * associating the {@link OAuth2ClientAuthenticationToken} and {@link OAuth2User} returned from the {@link OAuth2UserService}.
+ * Finally, the {@link OAuth2UserAuthenticationToken} is returned to the {@link AuthenticationManager}
* and then back to this Filter
at which point the session is considered "authenticated".
*
*
diff --git a/samples/boot/oauth2login/src/main/java/sample/web/MainController.java b/samples/boot/oauth2login/src/main/java/sample/web/MainController.java
index 90697b3f83..79c8faac81 100644
--- a/samples/boot/oauth2login/src/main/java/sample/web/MainController.java
+++ b/samples/boot/oauth2login/src/main/java/sample/web/MainController.java
@@ -17,7 +17,7 @@ package sample.web;
import org.springframework.http.HttpHeaders;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
-import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
+import org.springframework.security.oauth2.client.authentication.OAuth2UserAuthenticationToken;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
@@ -38,18 +38,18 @@ public class MainController {
@RequestMapping("/")
- public String index(Model model, @AuthenticationPrincipal OAuth2User user, OAuth2AuthenticationToken authentication) {
+ public String index(Model model, @AuthenticationPrincipal OAuth2User user, OAuth2UserAuthenticationToken authentication) {
model.addAttribute("userName", user.getName());
- model.addAttribute("clientName", authentication.getClientRegistration().getClientName());
+ model.addAttribute("clientName", authentication.getClientAuthentication().getClientRegistration().getClientName());
return "index";
}
@RequestMapping("/userinfo")
- public String userinfo(Model model, OAuth2AuthenticationToken authentication) {
+ public String userinfo(Model model, OAuth2UserAuthenticationToken authentication) {
Map userAttributes = this.webClient
.filter(oauth2Credentials(authentication))
.get()
- .uri(authentication.getClientRegistration().getProviderDetails().getUserInfoUri())
+ .uri(authentication.getClientAuthentication().getClientRegistration().getProviderDetails().getUserInfoUri())
.retrieve()
.bodyToMono(Map.class)
.block();
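Review bot: The accessor chain `authentication.getClientAuthentication().getClientRegistration()` is spelled out in `index` and again in `userinfo`, and a third variant reaching the access token appears in `oauth2Credentials` in the next hunk, which makes the sample harder to follow than it was before the token split. Pulling it into a local, `ClientRegistration clientRegistration = authentication.getClientAuthentication().getClientRegistration();`, keeps each use short; the `ClientRegistration` import is not visible among this file's imports and may need adding. `userinfo` continues below the hunk.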
@@ -57,11 +57,11 @@ public class MainController {
return "userinfo";
}
- private ExchangeFilterFunction oauth2Credentials(OAuth2AuthenticationToken authentication) {
+ private ExchangeFilterFunction oauth2Credentials(OAuth2UserAuthenticationToken authentication) {
return ExchangeFilterFunction.ofRequestProcessor(
clientRequest -> {
ClientRequest authorizedRequest = ClientRequest.from(clientRequest)
- .header(HttpHeaders.AUTHORIZATION, "Bearer " + authentication.getAccessToken().getTokenValue())
+ .header(HttpHeaders.AUTHORIZATION, "Bearer " + authentication.getClientAuthentication().getAccessToken().getTokenValue())
.build();
return Mono.just(authorizedRequest);
});