Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-01 09:42:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix Reactive OIDC to add refresh token

Browse Source 
Fixes: gh-5858
This commit is contained in:
Rob Winch 2018-09-17 14:03:52 -05:00
parent 72301e548a
commit cc8935e904
2 changed files with 32 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java
View File

@ -177,7 +177,8 @@ public class OidcAuthorizationCodeReactiveAuthenticationManager implements
authorizationCodeAuthentication.getAuthorizationExchange(), authorizationCodeAuthentication.getAuthorizationExchange(),
oauth2User, oauth2User,
mappedAuthorities, mappedAuthorities,
accessToken); accessToken,
accessTokenResponse.getRefreshToken());
}); });
} }

30
oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java
View File

@ -189,6 +189,36 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
assertThat(result.isAuthenticated()).isTrue(); assertThat(result.isAuthenticated()).isTrue();
} }
@Test
public void authenticationWhenRefreshTokenThenRefreshTokenInAuthorizedClient() {
OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("foo")
.tokenType(OAuth2AccessToken.TokenType.BEARER)
.additionalParameters(Collections.singletonMap(OidcParameterNames.ID_TOKEN, this.idToken.getTokenValue()))
.refreshToken("refresh-token")
.build();
Map<String, Object> claims = new HashMap<>();
claims.put(IdTokenClaimNames.ISS, "https://issuer.example.com");
claims.put(IdTokenClaimNames.SUB, "rob");
claims.put(IdTokenClaimNames.AUD, Arrays.asList("client-id"));
Instant issuedAt = Instant.now();
Instant expiresAt = Instant.from(issuedAt).plusSeconds(3600);
Jwt idToken = new Jwt("id-token", issuedAt, expiresAt, claims, claims);
when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
DefaultOidcUser user = new DefaultOidcUser(AuthorityUtils.createAuthorityList("ROLE_USER"), this.idToken);
when(this.userService.loadUser(any())).thenReturn(Mono.just(user));
when(this.jwtDecoder.decode(any())).thenReturn(Mono.just(idToken));
this.manager.setDecoderFactory(c -> this.jwtDecoder);
OAuth2LoginAuthenticationToken result = (OAuth2LoginAuthenticationToken) this.manager.authenticate(loginToken()).block();
assertThat(result.getPrincipal()).isEqualTo(user);
assertThat(result.getAuthorities()).containsOnlyElementsOf(user.getAuthorities());
assertThat(result.isAuthenticated()).isTrue();
assertThat(result.getRefreshToken().getTokenValue()).isNotNull();
}
// gh-5368 // gh-5368
@Test @Test
public void authenticateWhenTokenSuccessResponseThenAdditionalParametersAddedToUserRequest() { public void authenticateWhenTokenSuccessResponseThenAdditionalParametersAddedToUserRequest() {