mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-06-01 09:42:13 +00:00
Fix Reactive OIDC to add refresh token
Fixes: gh-5858
parent
72301e548a
commit
cc8935e904
@ -177,7 +177,8 @@ public class OidcAuthorizationCodeReactiveAuthenticationManager implements
|
|||||||
authorizationCodeAuthentication.getAuthorizationExchange(),
|
authorizationCodeAuthentication.getAuthorizationExchange(),
|
||||||
oauth2User,
|
oauth2User,
|
||||||
mappedAuthorities,
|
mappedAuthorities,
|
||||||
accessToken);
|
accessToken,
|
||||||
|
accessTokenResponse.getRefreshToken());
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
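Review bot: The new last argument `accessTokenResponse.getRefreshToken()` is passed straight through with nothing said about a token response that carries no refresh token. Refresh tokens are optional in an OAuth 2.0 token response, so this value is presumably null for many providers. The constructor it feeds is outside the hunk, so confirm that it accepts null and record that at the call site, for example `// refresh token is optional in the token response and may be null`. This also places a long-lived credential on the authentication result, so it is worth checking that whatever stores, serializes or logs that result treats the refresh token as carefully as the access token. The enclosing lambda and method start above the hunk.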
@ -189,6 +189,36 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
|
|||||||
assertThat(result.isAuthenticated()).isTrue();
|
assertThat(result.isAuthenticated()).isTrue();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void authenticationWhenRefreshTokenThenRefreshTokenInAuthorizedClient() {
|
||||||
|
OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("foo")
|
||||||
|
.tokenType(OAuth2AccessToken.TokenType.BEARER)
|
||||||
|
.additionalParameters(Collections.singletonMap(OidcParameterNames.ID_TOKEN, this.idToken.getTokenValue()))
|
||||||
|
.refreshToken("refresh-token")
|
||||||
|
.build();
|
||||||
|
|
||||||
|
Map<String, Object> claims = new HashMap<>();
|
||||||
|
claims.put(IdTokenClaimNames.ISS, "https://issuer.example.com");
|
||||||
|
claims.put(IdTokenClaimNames.SUB, "rob");
|
||||||
|
claims.put(IdTokenClaimNames.AUD, Arrays.asList("client-id"));
|
||||||
|
Instant issuedAt = Instant.now();
|
||||||
|
Instant expiresAt = Instant.from(issuedAt).plusSeconds(3600);
|
||||||
|
Jwt idToken = new Jwt("id-token", issuedAt, expiresAt, claims, claims);
|
||||||
|
|
||||||
|
when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
|
||||||
|
DefaultOidcUser user = new DefaultOidcUser(AuthorityUtils.createAuthorityList("ROLE_USER"), this.idToken);
|
||||||
|
when(this.userService.loadUser(any())).thenReturn(Mono.just(user));
|
||||||
|
when(this.jwtDecoder.decode(any())).thenReturn(Mono.just(idToken));
|
||||||
|
this.manager.setDecoderFactory(c -> this.jwtDecoder);
|
||||||
|
|
||||||
|
OAuth2LoginAuthenticationToken result = (OAuth2LoginAuthenticationToken) this.manager.authenticate(loginToken()).block();
|
||||||
|
|
||||||
|
assertThat(result.getPrincipal()).isEqualTo(user);
|
||||||
|
assertThat(result.getAuthorities()).containsOnlyElementsOf(user.getAuthorities());
|
||||||
|
assertThat(result.isAuthenticated()).isTrue();
|
||||||
|
assertThat(result.getRefreshToken().getTokenValue()).isNotNull();
|
||||||
|
}
|
||||||
|
|
||||||
// gh-5368
|
// gh-5368
|
||||||
@Test
|
@Test
|
||||||
public void authenticateWhenTokenSuccessResponseThenAdditionalParametersAddedToUserRequest() {
|
public void authenticateWhenTokenSuccessResponseThenAdditionalParametersAddedToUserRequest() {
|
||||||
|
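Review bot: The final assertion in `authenticationWhenRefreshTokenThenRefreshTokenInAuthorizedClient`, `assertThat(result.getRefreshToken().getTokenValue()).isNotNull()`, would pass for any token value and so does not prove that the token from the response is the one propagated. Pin the value instead: `assertThat(result.getRefreshToken().getTokenValue()).isEqualTo("refresh-token");`. A companion test for a response built without `.refreshToken(...)` would cover the null path the production change now exercises. The local `Jwt idToken` also shadows `this.idToken`, which is still used for the token response and the `DefaultOidcUser`; renaming the local would make clear which token the decoder mock returns. The method name starts with `authentication` while the neighbouring test uses `authenticateWhen…`.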