Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-29 15:22:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Polish gh-6349

Browse Source
This commit is contained in:
Joe Grandja 2019-01-08 17:45:09 -05:00
parent 057ed616c4
commit d878dbf30e
2 changed files with 8 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidator.java
View File

@ -55,8 +55,8 @@ public final class OidcIdTokenValidator implements OAuth2TokenValidator<Jwt> {
public OAuth2TokenValidatorResult validate(Jwt idToken) { public OAuth2TokenValidatorResult validate(Jwt idToken) {
// 3.1.3.7 ID Token Validation // 3.1.3.7 ID Token Validation
// http://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation // http://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation
Map<String, Object> invalidClaims = validateRequiredClaims(idToken);
Map<String, Object> invalidClaims = validateRequiredClaims(idToken);
if (!invalidClaims.isEmpty()) { if (!invalidClaims.isEmpty()) {
return OAuth2TokenValidatorResult.failure(invalidIdToken(invalidClaims)); return OAuth2TokenValidatorResult.failure(invalidIdToken(invalidClaims));
} }
@ -123,8 +123,9 @@ public final class OidcIdTokenValidator implements OAuth2TokenValidator<Jwt> {
String claimsDetail = invalidClaims.entrySet().stream() String claimsDetail = invalidClaims.entrySet().stream()
.map(it -> it.getKey() + " (" + it.getValue() + ")") .map(it -> it.getKey() + " (" + it.getValue() + ")")
.collect(Collectors.joining(", ")); .collect(Collectors.joining(", "));
return new OAuth2Error("invalid_id_token",
return new OAuth2Error("invalid_id_token", "The ID Token contains invalid claims: "+claimsDetail, null); "The ID Token contains invalid claims: " + claimsDetail,
"https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation");
} }
private static Map<String, Object> validateRequiredClaims(Jwt idToken) { private static Map<String, Object> validateRequiredClaims(Jwt idToken) {

12
oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java
View File

@ -66,7 +66,6 @@ public class OidcIdTokenValidatorTests {
.hasSize(1) .hasSize(1)
.extracting(OAuth2Error::getDescription) .extracting(OAuth2Error::getDescription)
.allMatch(msg -> msg.contains(IdTokenClaimNames.ISS)); .allMatch(msg -> msg.contains(IdTokenClaimNames.ISS));
} }
@Test @Test
@ -194,17 +193,6 @@ public class OidcIdTokenValidatorTests {
.allMatch(msg -> msg.contains(IdTokenClaimNames.EXP)); .allMatch(msg -> msg.contains(IdTokenClaimNames.EXP));
} }
@Test(expected = IllegalArgumentException.class)
public void validateIdTokenWhenNoClaimsThenHasErrors() {
this.claims.remove(IdTokenClaimNames.ISS);
this.claims.remove(IdTokenClaimNames.SUB);
this.claims.remove(IdTokenClaimNames.AUD);
this.issuedAt = null;
this.expiresAt = null;
assertThat(this.validateIdToken())
.hasSize(1);
}
private Collection<OAuth2Error> validateIdToken() { private Collection<OAuth2Error> validateIdToken() {
Jwt idToken = new Jwt("token123", this.issuedAt, this.expiresAt, this.headers, this.claims); Jwt idToken = new Jwt("token123", this.issuedAt, this.expiresAt, this.headers, this.claims);
OidcIdTokenValidator validator = new OidcIdTokenValidator(this.registration.build()); OidcIdTokenValidator validator = new OidcIdTokenValidator(this.registration.build());