OAuth2LoginReactiveAuthenticationManager uses OAuth2AuthorizationCodeReactiveAuthenticationManager
Issue: gh-5620
This commit is contained in:
Rob Winch
parent
8b67154e77
commit
d0ebe47cd5
|
|
@ -40,9 +40,9 @@ import org.springframework.security.oauth2.client.registration.ReactiveClientReg
|
|||
import org.springframework.security.oauth2.client.userinfo.DefaultReactiveOAuth2UserService;
|
||||
import org.springframework.security.oauth2.client.userinfo.ReactiveOAuth2UserService;
|
||||
import org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationRequestRedirectWebFilter;
|
||||
import org.springframework.security.oauth2.client.web.server.ServerOAuth2LoginAuthenticationTokenConverter;
|
||||
import org.springframework.security.oauth2.client.web.server.AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository;
|
||||
import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository;
|
||||
import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationCodeAuthenticationTokenConverter;
|
||||
import org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter;
|
||||
import org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder;
|
||||
import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder;
|
||||
|
|
@ -491,7 +491,7 @@ public class ServerHttpSecurity {
|
|||
|
||||
AuthenticationWebFilter authenticationFilter = new OAuth2LoginAuthenticationWebFilter(manager, authorizedClientRepository);
|
||||
authenticationFilter.setRequiresAuthenticationMatcher(new PathPatternParserServerWebExchangeMatcher("/login/oauth2/code/{registrationId}"));
|
||||
authenticationFilter.setServerAuthenticationConverter(new ServerOAuth2LoginAuthenticationTokenConverter(clientRegistrationRepository));
|
||||
authenticationFilter.setServerAuthenticationConverter(new ServerOAuth2AuthorizationCodeAuthenticationTokenConverter(clientRegistrationRepository));
|
||||
|
||||
RedirectServerAuthenticationSuccessHandler redirectHandler = new RedirectServerAuthenticationSuccessHandler();
|
||||
|
||||
|
|
|
|||
|
|
@ -25,6 +25,8 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExch
|
|||
import org.springframework.util.Assert;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
* An {@link AbstractAuthenticationToken} for the OAuth 2.0 Authorization Code Grant.
|
||||
|
|
@ -39,6 +41,7 @@ import java.util.Collections;
|
|||
*/
|
||||
public class OAuth2AuthorizationCodeAuthenticationToken extends AbstractAuthenticationToken {
|
||||
private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
|
||||
private Map<String, Object> additionalParameters = new HashMap<>();
|
||||
private ClientRegistration clientRegistration;
|
||||
private OAuth2AuthorizationExchange authorizationExchange;
|
||||
private OAuth2AccessToken accessToken;
|
||||
|
|
@ -86,11 +89,17 @@ public class OAuth2AuthorizationCodeAuthenticationToken extends AbstractAuthenti
|
|||
OAuth2AuthorizationExchange authorizationExchange,
|
||||
OAuth2AccessToken accessToken,
|
||||
@Nullable OAuth2RefreshToken refreshToken) {
|
||||
this(clientRegistration, authorizationExchange, accessToken, refreshToken, Collections.emptyMap());
|
||||
}
|
||||
|
||||
public OAuth2AuthorizationCodeAuthenticationToken(ClientRegistration clientRegistration, OAuth2AuthorizationExchange authorizationExchange, OAuth2AccessToken accessToken, OAuth2RefreshToken refreshToken,
|
||||
Map<String, Object> additionalParameters) {
|
||||
this(clientRegistration, authorizationExchange);
|
||||
Assert.notNull(accessToken, "accessToken cannot be null");
|
||||
this.accessToken = accessToken;
|
||||
this.refreshToken = refreshToken;
|
||||
this.setAuthenticated(true);
|
||||
this.additionalParameters.putAll(additionalParameters);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
@ -140,4 +149,13 @@ public class OAuth2AuthorizationCodeAuthenticationToken extends AbstractAuthenti
|
|||
public @Nullable OAuth2RefreshToken getRefreshToken() {
|
||||
return this.refreshToken;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the additional parameters
|
||||
*
|
||||
* @return the additional parameters
|
||||
*/
|
||||
public Map<String, Object> getAdditionalParameters() {
|
||||
return this.additionalParameters;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -87,7 +87,7 @@ public class OAuth2AuthorizationCodeReactiveAuthenticationManager implements
|
|||
OAuth2AuthorizationExchange exchange = token.getAuthorizationExchange();
|
||||
OAuth2AccessToken accessToken = accessTokenResponse.getAccessToken();
|
||||
OAuth2RefreshToken refreshToken = accessTokenResponse.getRefreshToken();
|
||||
return new OAuth2AuthorizationCodeAuthenticationToken(registration, exchange, accessToken, refreshToken);
|
||||
return new OAuth2AuthorizationCodeAuthenticationToken(registration, exchange, accessToken, refreshToken, accessTokenResponse.getAdditionalParameters());
|
||||
};
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -15,26 +15,21 @@
|
|||
*/
|
||||
package org.springframework.security.oauth2.client.authentication;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.Map;
|
||||
|
||||
import org.springframework.security.authentication.ReactiveAuthenticationManager;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
|
||||
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService;
|
||||
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
|
||||
import org.springframework.security.oauth2.client.endpoint.ReactiveOAuth2AccessTokenResponseClient;
|
||||
import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
|
||||
import org.springframework.security.oauth2.client.userinfo.ReactiveOAuth2UserService;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
|
||||
import org.springframework.security.oauth2.core.user.OAuth2User;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
import reactor.core.publisher.Mono;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
* An implementation of an {@link org.springframework.security.authentication.AuthenticationProvider} for OAuth 2.0 Login,
|
||||
|
|
@ -62,7 +57,7 @@ import reactor.core.publisher.Mono;
|
|||
*/
|
||||
public class OAuth2LoginReactiveAuthenticationManager implements
|
||||
ReactiveAuthenticationManager {
|
||||
private final ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient;
|
||||
private final ReactiveAuthenticationManager authorizationCodeManager;
|
||||
|
||||
private final ReactiveOAuth2UserService<OAuth2UserRequest, OAuth2User> userService;
|
||||
|
||||
|
|
@ -73,18 +68,18 @@ public class OAuth2LoginReactiveAuthenticationManager implements
|
|||
ReactiveOAuth2UserService<OAuth2UserRequest, OAuth2User> userService) {
|
||||
Assert.notNull(accessTokenResponseClient, "accessTokenResponseClient cannot be null");
|
||||
Assert.notNull(userService, "userService cannot be null");
|
||||
this.accessTokenResponseClient = accessTokenResponseClient;
|
||||
this.authorizationCodeManager = new OAuth2AuthorizationCodeReactiveAuthenticationManager(accessTokenResponseClient);
|
||||
this.userService = userService;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Mono<Authentication> authenticate(Authentication authentication) {
|
||||
return Mono.defer(() -> {
|
||||
OAuth2LoginAuthenticationToken authorizationCodeAuthentication = (OAuth2LoginAuthenticationToken) authentication;
|
||||
OAuth2AuthorizationCodeAuthenticationToken token = (OAuth2AuthorizationCodeAuthenticationToken) authentication;
|
||||
|
||||
// Section 3.1.2.1 Authentication Request - http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
|
||||
// scope REQUIRED. OpenID Connect requests MUST contain the "openid" scope value.
|
||||
if (authorizationCodeAuthentication.getAuthorizationExchange()
|
||||
if (token.getAuthorizationExchange()
|
||||
.getAuthorizationRequest().getScopes().contains("openid")) {
|
||||
// This is an OpenID Connect Authentication Request so return null
|
||||
// and let OidcAuthorizationCodeReactiveAuthenticationManager handle it instead once one is created
|
||||
|
|
@ -92,34 +87,28 @@ public class OAuth2LoginReactiveAuthenticationManager implements
|
|||
// return Mono.empty();
|
||||
}
|
||||
|
||||
OAuth2AuthorizationExchangeValidator.validate(authorizationCodeAuthentication.getAuthorizationExchange());
|
||||
|
||||
OAuth2AuthorizationCodeGrantRequest authzRequest = new OAuth2AuthorizationCodeGrantRequest(
|
||||
authorizationCodeAuthentication.getClientRegistration(),
|
||||
authorizationCodeAuthentication.getAuthorizationExchange());
|
||||
|
||||
return this.accessTokenResponseClient.getTokenResponse(authzRequest)
|
||||
.flatMap(accessTokenResponse -> authenticationResult(authorizationCodeAuthentication, accessTokenResponse));
|
||||
return this.authorizationCodeManager.authenticate(token)
|
||||
.cast(OAuth2AuthorizationCodeAuthenticationToken.class)
|
||||
.flatMap(this::onSuccess);
|
||||
});
|
||||
}
|
||||
|
||||
private Mono<OAuth2LoginAuthenticationToken> authenticationResult(OAuth2LoginAuthenticationToken authorizationCodeAuthentication, OAuth2AccessTokenResponse accessTokenResponse) {
|
||||
OAuth2AccessToken accessToken = accessTokenResponse.getAccessToken();
|
||||
Map<String, Object> additionalParameters = accessTokenResponse.getAdditionalParameters();
|
||||
OAuth2UserRequest userRequest = new OAuth2UserRequest(
|
||||
authorizationCodeAuthentication.getClientRegistration(), accessToken, additionalParameters);
|
||||
private Mono<OAuth2LoginAuthenticationToken> onSuccess(OAuth2AuthorizationCodeAuthenticationToken authentication) {
|
||||
OAuth2AccessToken accessToken = authentication.getAccessToken();
|
||||
Map<String, Object> additionalParameters = authentication.getAdditionalParameters();
|
||||
OAuth2UserRequest userRequest = new OAuth2UserRequest(authentication.getClientRegistration(), accessToken, additionalParameters);
|
||||
return this.userService.loadUser(userRequest)
|
||||
.map(oauth2User -> {
|
||||
Collection<? extends GrantedAuthority> mappedAuthorities =
|
||||
this.authoritiesMapper.mapAuthorities(oauth2User.getAuthorities());
|
||||
|
||||
OAuth2LoginAuthenticationToken authenticationResult = new OAuth2LoginAuthenticationToken(
|
||||
authorizationCodeAuthentication.getClientRegistration(),
|
||||
authorizationCodeAuthentication.getAuthorizationExchange(),
|
||||
authentication.getClientRegistration(),
|
||||
authentication.getAuthorizationExchange(),
|
||||
oauth2User,
|
||||
mappedAuthorities,
|
||||
accessToken,
|
||||
accessTokenResponse.getRefreshToken());
|
||||
authentication.getRefreshToken());
|
||||
return authenticationResult;
|
||||
});
|
||||
}
|
||||
|
|
|
|||
|
|
@ -19,6 +19,7 @@ import org.springframework.security.authentication.ReactiveAuthenticationManager
|
|||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
|
||||
import org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken;
|
||||
import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken;
|
||||
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
|
||||
import org.springframework.security.oauth2.client.endpoint.ReactiveOAuth2AccessTokenResponseClient;
|
||||
|
|
@ -98,7 +99,7 @@ public class OidcAuthorizationCodeReactiveAuthenticationManager implements
|
|||
@Override
|
||||
public Mono<Authentication> authenticate(Authentication authentication) {
|
||||
return Mono.defer(() -> {
|
||||
OAuth2LoginAuthenticationToken authorizationCodeAuthentication = (OAuth2LoginAuthenticationToken) authentication;
|
||||
OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = (OAuth2AuthorizationCodeAuthenticationToken) authentication;
|
||||
|
||||
// Section 3.1.2.1 Authentication Request - http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
|
||||
// scope REQUIRED. OpenID Connect requests MUST contain the "openid" scope value.
|
||||
|
|
@ -149,7 +150,7 @@ public class OidcAuthorizationCodeReactiveAuthenticationManager implements
|
|||
this.decoderFactory = decoderFactory;
|
||||
}
|
||||
|
||||
private Mono<OAuth2LoginAuthenticationToken> authenticationResult(OAuth2LoginAuthenticationToken authorizationCodeAuthentication, OAuth2AccessTokenResponse accessTokenResponse) {
|
||||
private Mono<OAuth2LoginAuthenticationToken> authenticationResult(OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication, OAuth2AccessTokenResponse accessTokenResponse) {
|
||||
OAuth2AccessToken accessToken = accessTokenResponse.getAccessToken();
|
||||
ClientRegistration clientRegistration = authorizationCodeAuthentication.getClientRegistration();
|
||||
Map<String, Object> additionalParameters = accessTokenResponse.getAdditionalParameters();
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@
|
|||
package org.springframework.security.oauth2.client.web.server;
|
||||
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken;
|
||||
import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken;
|
||||
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
||||
|
|
@ -30,7 +31,6 @@ import org.springframework.util.Assert;
|
|||
import org.springframework.util.MultiValueMap;
|
||||
import org.springframework.web.server.ServerWebExchange;
|
||||
import org.springframework.web.util.UriComponentsBuilder;
|
||||
|
||||
import reactor.core.publisher.Mono;
|
||||
|
||||
/**
|
||||
|
|
@ -40,7 +40,7 @@ import reactor.core.publisher.Mono;
|
|||
* @since 5.1
|
||||
* @see org.springframework.security.web.server.authentication.AuthenticationWebFilter#setServerAuthenticationConverter(ServerAuthenticationConverter)
|
||||
*/
|
||||
public class ServerOAuth2LoginAuthenticationTokenConverter
|
||||
public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverter
|
||||
implements ServerAuthenticationConverter {
|
||||
|
||||
static final String AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE = "authorization_request_not_found";
|
||||
|
|
@ -52,7 +52,7 @@ public class ServerOAuth2LoginAuthenticationTokenConverter
|
|||
|
||||
private final ReactiveClientRegistrationRepository clientRegistrationRepository;
|
||||
|
||||
public ServerOAuth2LoginAuthenticationTokenConverter(
|
||||
public ServerOAuth2AuthorizationCodeAuthenticationTokenConverter(
|
||||
ReactiveClientRegistrationRepository clientRegistrationRepository) {
|
||||
Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
|
||||
this.clientRegistrationRepository = clientRegistrationRepository;
|
||||
|
|
@ -83,7 +83,7 @@ public class ServerOAuth2LoginAuthenticationTokenConverter
|
|||
});
|
||||
}
|
||||
|
||||
private Mono<OAuth2LoginAuthenticationToken> authenticationRequest(ServerWebExchange exchange, OAuth2AuthorizationRequest authorizationRequest) {
|
||||
private Mono<OAuth2AuthorizationCodeAuthenticationToken> authenticationRequest(ServerWebExchange exchange, OAuth2AuthorizationRequest authorizationRequest) {
|
||||
return Mono.just(authorizationRequest)
|
||||
.map(OAuth2AuthorizationRequest::getAdditionalParameters)
|
||||
.flatMap(additionalParams -> {
|
||||
|
|
@ -96,7 +96,7 @@ public class ServerOAuth2LoginAuthenticationTokenConverter
|
|||
.switchIfEmpty(oauth2AuthenticationException(CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE))
|
||||
.map(clientRegistration -> {
|
||||
OAuth2AuthorizationResponse authorizationResponse = convertResponse(exchange);
|
||||
OAuth2LoginAuthenticationToken authenticationRequest = new OAuth2LoginAuthenticationToken(
|
||||
OAuth2AuthorizationCodeAuthenticationToken authenticationRequest = new OAuth2AuthorizationCodeAuthenticationToken(
|
||||
clientRegistration, new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse));
|
||||
return authenticationRequest;
|
||||
});
|
||||
|
|
@ -178,7 +178,7 @@ public class OAuth2LoginReactiveAuthenticationManagerTests {
|
|||
.containsAllEntriesOf(accessTokenResponse.getAdditionalParameters());
|
||||
}
|
||||
|
||||
private OAuth2LoginAuthenticationToken loginToken() {
|
||||
private OAuth2AuthorizationCodeAuthenticationToken loginToken() {
|
||||
ClientRegistration clientRegistration = this.registration.build();
|
||||
OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest
|
||||
.authorizationCode()
|
||||
|
|
@ -193,6 +193,6 @@ public class OAuth2LoginReactiveAuthenticationManagerTests {
|
|||
.build();
|
||||
OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
|
||||
authorizationResponse);
|
||||
return new OAuth2LoginAuthenticationToken(clientRegistration, authorizationExchange);
|
||||
return new OAuth2AuthorizationCodeAuthenticationToken(clientRegistration, authorizationExchange);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ import org.mockito.Mock;
|
|||
import org.mockito.junit.MockitoJUnitRunner;
|
||||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
|
||||
import org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken;
|
||||
import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken;
|
||||
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
|
||||
import org.springframework.security.oauth2.client.endpoint.ReactiveOAuth2AccessTokenResponseClient;
|
||||
|
|
@ -182,7 +182,7 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
|
|||
when(this.jwtDecoder.decode(any())).thenReturn(Mono.just(idToken));
|
||||
this.manager.setDecoderFactory(c -> this.jwtDecoder);
|
||||
|
||||
OAuth2AuthenticationToken result = (OAuth2AuthenticationToken) this.manager.authenticate(loginToken()).block();
|
||||
OAuth2LoginAuthenticationToken result = (OAuth2LoginAuthenticationToken) this.manager.authenticate(loginToken()).block();
|
||||
|
||||
assertThat(result.getPrincipal()).isEqualTo(user);
|
||||
assertThat(result.getAuthorities()).containsOnlyElementsOf(user.getAuthorities());
|
||||
|
|
@ -192,6 +192,7 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
|
|||
// gh-5368
|
||||
@Test
|
||||
public void authenticateWhenTokenSuccessResponseThenAdditionalParametersAddedToUserRequest() {
|
||||
ClientRegistration clientRegistration = this.registration.build();
|
||||
Map<String, Object> additionalParameters = new HashMap<>();
|
||||
additionalParameters.put(OidcParameterNames.ID_TOKEN, this.idToken.getTokenValue());
|
||||
additionalParameters.put("param1", "value1");
|
||||
|
|
@ -204,7 +205,7 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
|
|||
Map<String, Object> claims = new HashMap<>();
|
||||
claims.put(IdTokenClaimNames.ISS, "https://issuer.example.com");
|
||||
claims.put(IdTokenClaimNames.SUB, "rob");
|
||||
claims.put(IdTokenClaimNames.AUD, Arrays.asList("clientId"));
|
||||
claims.put(IdTokenClaimNames.AUD, Arrays.asList(clientRegistration.getClientId()));
|
||||
Instant issuedAt = Instant.now();
|
||||
Instant expiresAt = Instant.from(issuedAt).plusSeconds(3600);
|
||||
Jwt idToken = new Jwt("id-token", issuedAt, expiresAt, claims, claims);
|
||||
|
|
@ -222,7 +223,7 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
|
|||
.containsAllEntriesOf(accessTokenResponse.getAdditionalParameters());
|
||||
}
|
||||
|
||||
private OAuth2LoginAuthenticationToken loginToken() {
|
||||
private OAuth2AuthorizationCodeAuthenticationToken loginToken() {
|
||||
ClientRegistration clientRegistration = this.registration.build();
|
||||
OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest
|
||||
.authorizationCode()
|
||||
|
|
@ -237,6 +238,6 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
|
|||
.build();
|
||||
OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
|
||||
authorizationResponse);
|
||||
return new OAuth2LoginAuthenticationToken(clientRegistration, authorizationExchange);
|
||||
return new OAuth2AuthorizationCodeAuthenticationToken(clientRegistration, authorizationExchange);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -16,13 +16,6 @@
|
|||
|
||||
package org.springframework.security.oauth2.client.web.server;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.assertThatThrownBy;
|
||||
import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
import java.util.Collections;
|
||||
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
|
|
@ -30,7 +23,7 @@ import org.mockito.Mock;
|
|||
import org.mockito.junit.MockitoJUnitRunner;
|
||||
import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
|
||||
import org.springframework.mock.web.server.MockServerWebExchange;
|
||||
import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken;
|
||||
import org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
||||
|
|
@ -39,15 +32,21 @@ import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
|||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
|
||||
|
||||
import reactor.core.publisher.Mono;
|
||||
|
||||
import java.util.Collections;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.assertThatThrownBy;
|
||||
import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
/**
|
||||
* @author Rob Winch
|
||||
* @since 5.1
|
||||
*/
|
||||
@RunWith(MockitoJUnitRunner.class)
|
||||
public class ServerOAuth2LoginAuthenticationTokenConverterTest {
|
||||
public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTest {
|
||||
@Mock
|
||||
private ReactiveClientRegistrationRepository clientRegistrationRepository;
|
||||
|
||||
|
|
@ -79,11 +78,11 @@ public class ServerOAuth2LoginAuthenticationTokenConverterTest {
|
|||
|
||||
private final MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/");
|
||||
|
||||
private ServerOAuth2LoginAuthenticationTokenConverter converter;
|
||||
private ServerOAuth2AuthorizationCodeAuthenticationTokenConverter converter;
|
||||
|
||||
@Before
|
||||
public void setup() {
|
||||
this.converter = new ServerOAuth2LoginAuthenticationTokenConverter(this.clientRegistrationRepository);
|
||||
this.converter = new ServerOAuth2AuthorizationCodeAuthenticationTokenConverter(this.clientRegistrationRepository);
|
||||
this.converter.setAuthorizationRequestRepository(this.authorizationRequestRepository);
|
||||
}
|
||||
|
||||
|
|
@ -102,8 +101,7 @@ public class ServerOAuth2LoginAuthenticationTokenConverterTest {
|
|||
|
||||
assertThatThrownBy(() -> applyConverter())
|
||||
.isInstanceOf(OAuth2AuthenticationException.class)
|
||||
.hasMessageContaining(
|
||||
ServerOAuth2LoginAuthenticationTokenConverter.CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE);
|
||||
.hasMessageContaining(ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -113,8 +111,7 @@ public class ServerOAuth2LoginAuthenticationTokenConverterTest {
|
|||
|
||||
assertThatThrownBy(() -> applyConverter())
|
||||
.isInstanceOf(OAuth2AuthenticationException.class)
|
||||
.hasMessageContaining(
|
||||
ServerOAuth2LoginAuthenticationTokenConverter.CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE);
|
||||
.hasMessageContaining(ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -133,7 +130,7 @@ public class ServerOAuth2LoginAuthenticationTokenConverterTest {
|
|||
when(this.authorizationRequestRepository.removeAuthorizationRequest(any())).thenReturn(Mono.just(this.authorizationRequest.build()));
|
||||
when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(Mono.just(this.clientRegistration));
|
||||
|
||||
OAuth2LoginAuthenticationToken result = applyConverter();
|
||||
OAuth2AuthorizationCodeAuthenticationToken result = applyConverter();
|
||||
|
||||
OAuth2AuthorizationResponse exchange = result
|
||||
.getAuthorizationExchange().getAuthorizationResponse();
|
||||
|
|
@ -141,8 +138,8 @@ public class ServerOAuth2LoginAuthenticationTokenConverterTest {
|
|||
assertThat(exchange.getCode()).isEqualTo("code");
|
||||
}
|
||||
|
||||
private OAuth2LoginAuthenticationToken applyConverter() {
|
||||
private OAuth2AuthorizationCodeAuthenticationToken applyConverter() {
|
||||
MockServerWebExchange exchange = MockServerWebExchange.from(this.request);
|
||||
return (OAuth2LoginAuthenticationToken) this.converter.convert(exchange).block();
|
||||
return (OAuth2AuthorizationCodeAuthenticationToken) this.converter.convert(exchange).block();
|
||||
}
|
||||
}
|
||||
|
|
@ -112,7 +112,12 @@ class OAuth2AccessTokenResponseBodyExtractor
|
|||
|
||||
Map<String, Object> additionalParameters = new LinkedHashMap<>(accessTokenResponse.getCustomParameters());
|
||||
|
||||
return OAuth2AccessTokenResponse.withToken(accessToken.getValue()).tokenType(accessTokenType).expiresIn(expiresIn).scopes(scopes)
|
||||
.refreshToken(refreshToken).additionalParameters(additionalParameters).build();
|
||||
return OAuth2AccessTokenResponse.withToken(accessToken.getValue())
|
||||
.tokenType(accessTokenType)
|
||||
.expiresIn(expiresIn)
|
||||
.scopes(scopes)
|
||||
.refreshToken(refreshToken)
|
||||
.additionalParameters(additionalParameters)
|
||||
.build();
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue