diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java index 1a4117baa7..67b4771ded 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java @@ -62,7 +62,7 @@ import org.springframework.security.core.context.SecurityContext; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer; -import org.springframework.security.oauth2.client.endpoint.AuthorizationGrantTokenExchanger; +import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient; import org.springframework.security.oauth2.client.endpoint.AuthorizationRequestUriBuilder; import org.springframework.security.web.DefaultSecurityFilterChain; import org.springframework.security.web.PortMapper; @@ -945,8 +945,8 @@ public final class HttpSecurity extends * *

* At this point in the "authentication flow", the configured - * {@link AuthorizationGrantTokenExchanger} - * will exchange the Authorization Code for an Access Token and then use it to access the protected resource + * {@link OAuth2AccessTokenResponseClient} + * will getTokenResponse the Authorization Code for an Access Token and then use it to access the protected resource * at the UserInfo Endpoint (via {@link org.springframework.security.oauth2.client.user.OAuth2UserService}) * in order to retrieve the details of the Resource Owner (end-user) and establish the "authenticated" session. * @@ -992,7 +992,7 @@ public final class HttpSecurity extends * .oauth2Login() * .clients(this.clientRegistrationRepository()) * .authorizationRequestUriBuilder(this.authorizationRequestUriBuilder()) - * .authorizationCodeTokenExchanger(this.authorizationCodeTokenExchanger()) + * .accessTokenResponseClient(this.accessTokenResponseClient()) * .userInfoEndpoint() * .userInfoService(this.userInfoService()) * .userInfoEndpoint() @@ -1014,7 +1014,7 @@ public final class HttpSecurity extends * } * * @Bean - * public AuthorizationGrantTokenExchanger<OAuth2LoginAuthenticationToken> authorizationCodeTokenExchanger() { + * public OAuth2AccessTokenResponseClient<OAuth2LoginAuthenticationToken> accessTokenResponseClient() { * // Custom implementation that exchanges an "Authorization Code Grant" for an "Access Token" * return new AuthorizationCodeTokenExchangerImpl(); * } @@ -1041,7 +1041,7 @@ public final class HttpSecurity extends * @see org.springframework.security.oauth2.client.registration.ClientRegistration * @see org.springframework.security.oauth2.client.registration.ClientRegistrationRepository * @see AuthorizationRequestUriBuilder - * @see AuthorizationGrantTokenExchanger + * @see OAuth2AccessTokenResponseClient * @see org.springframework.security.oauth2.client.user.OAuth2UserService * * @return the {@link OAuth2LoginConfigurer} for further customizations 
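Review bot: The Javadoc sentence in the `@@ -945` hunk now reads "will getTokenResponse the Authorization Code for an Access Token", so the method rename was applied to the prose verb as well as to the identifiers. Only the `{@link OAuth2AccessTokenResponseClient}` reference should change; the following line should stay `* will exchange the Authorization Code for an Access Token and then use it to access the protected resource`. The comment block starts and ends outside the hunk.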
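Review bot: The configuration sample in the `@@ -992` hunk calls `.accessTokenResponseClient(...)` directly on `.oauth2Login()`, but this commit defines that method on `TokenEndpointConfig` and the sample application test reaches it through `.tokenEndpoint()`, so the documented snippet presumably does not compile as written. I would show the call as `.tokenEndpoint()` then `.accessTokenResponseClient(this.accessTokenResponseClient())` then `.and()`. In the `@@ -1014` hunk the bean method still returns `new AuthorizationCodeTokenExchangerImpl()`; a placeholder name that matches the new type would keep the example consistent. The sample is Javadoc text whose block starts and ends outside these hunks, so the remaining lines of it should be checked against the current DSL as well.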
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
index 4a85b6a2a1..1584750c87 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
@@ -23,9 +23,9 @@ import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMap
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
 import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider;
-import org.springframework.security.oauth2.client.endpoint.AuthorizationGrantTokenExchanger;
+import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
 import org.springframework.security.oauth2.client.endpoint.AuthorizationRequestUriBuilder;
-import org.springframework.security.oauth2.client.endpoint.NimbusAuthorizationCodeTokenExchanger;
+import org.springframework.security.oauth2.client.endpoint.NimbusAuthorizationCodeTokenResponseClient;
 import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
 import org.springframework.security.oauth2.client.jwt.JwtDecoderRegistry;
 import org.springframework.security.oauth2.client.jwt.NimbusJwtDecoderRegistry;
@@ -131,17 +131,17 @@ public final class OAuth2LoginConfigurer> exten } public class TokenEndpointConfig { - private AuthorizationGrantTokenExchanger authorizationCodeTokenExchanger; + private OAuth2AccessTokenResponseClient accessTokenResponseClient; private JwtDecoderRegistry jwtDecoderRegistry; private TokenEndpointConfig() { } - public TokenEndpointConfig authorizationCodeTokenExchanger( - AuthorizationGrantTokenExchanger authorizationCodeTokenExchanger) { + public TokenEndpointConfig accessTokenResponseClient( + OAuth2AccessTokenResponseClient accessTokenResponseClient) { - Assert.notNull(authorizationCodeTokenExchanger, "authorizationCodeTokenExchanger cannot be null"); - this.authorizationCodeTokenExchanger = authorizationCodeTokenExchanger; + Assert.notNull(accessTokenResponseClient, "accessTokenResponseClient cannot be null"); + this.accessTokenResponseClient = accessTokenResponseClient; return this; } @@ -225,10 +225,10 @@ public final class OAuth2LoginConfigurer> exten super.init(http); - AuthorizationGrantTokenExchanger authorizationCodeTokenExchanger = - this.tokenEndpointConfig.authorizationCodeTokenExchanger; - if (authorizationCodeTokenExchanger == null) { - authorizationCodeTokenExchanger = new NimbusAuthorizationCodeTokenExchanger(); + OAuth2AccessTokenResponseClient accessTokenResponseClient = + this.tokenEndpointConfig.accessTokenResponseClient; + if (accessTokenResponseClient == null) { + accessTokenResponseClient = new NimbusAuthorizationCodeTokenResponseClient(); } OAuth2UserService oauth2UserService = this.userInfoEndpointConfig.userService; 
@@ -249,7 +249,7 @@ public final class OAuth2LoginConfigurer> exten } OAuth2LoginAuthenticationProvider oauth2LoginAuthenticationProvider = - new OAuth2LoginAuthenticationProvider(authorizationCodeTokenExchanger, oauth2UserService); + new OAuth2LoginAuthenticationProvider(accessTokenResponseClient, oauth2UserService); if (this.userInfoEndpointConfig.userAuthoritiesMapper != null) { oauth2LoginAuthenticationProvider.setAuthoritiesMapper( this.userInfoEndpointConfig.userAuthoritiesMapper); @@ -259,7 +259,7 @@ public final class OAuth2LoginConfigurer> exten OAuth2UserService oidcUserService = new OidcUserService(); OidcAuthorizationCodeAuthenticationProvider oidcAuthorizationCodeAuthenticationProvider = new OidcAuthorizationCodeAuthenticationProvider( - authorizationCodeTokenExchanger, oidcUserService, jwtDecoderRegistry); + accessTokenResponseClient, oidcUserService, jwtDecoderRegistry); if (this.userInfoEndpointConfig.userAuthoritiesMapper != null) { oidcAuthorizationCodeAuthenticationProvider.setAuthoritiesMapper( this.userInfoEndpointConfig.userAuthoritiesMapper); diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java index b285bfdb68..22b2590bdf 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java 
@@ -20,7 +20,7 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
-import org.springframework.security.oauth2.client.endpoint.AuthorizationGrantTokenExchanger;
+import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
 import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
 import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
 import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
@@ -50,7 +50,7 @@ import java.util.Collection;
 * @author Joe Grandja
 * @since 5.0
 * @see OAuth2LoginAuthenticationToken
- * @see AuthorizationGrantTokenExchanger
+ * @see OAuth2AccessTokenResponseClient
 * @see OAuth2UserService
 * @see OAuth2User
 * @see Section 4.1 Authorization Code Grant Flow
@@ -60,17 +60,17 @@ import java.util.Collection; public class OAuth2LoginAuthenticationProvider implements AuthenticationProvider { private static final String INVALID_STATE_PARAMETER_ERROR_CODE = "invalid_state_parameter"; private static final String INVALID_REDIRECT_URI_PARAMETER_ERROR_CODE = "invalid_redirect_uri_parameter"; - private final AuthorizationGrantTokenExchanger authorizationCodeTokenExchanger; + private final OAuth2AccessTokenResponseClient accessTokenResponseClient; private final OAuth2UserService userService; private GrantedAuthoritiesMapper authoritiesMapper = (authorities -> authorities); public OAuth2LoginAuthenticationProvider( - AuthorizationGrantTokenExchanger authorizationCodeTokenExchanger, + OAuth2AccessTokenResponseClient accessTokenResponseClient, OAuth2UserService userService) { - Assert.notNull(authorizationCodeTokenExchanger, "authorizationCodeTokenExchanger cannot be null"); + Assert.notNull(accessTokenResponseClient, "accessTokenResponseClient cannot be null"); Assert.notNull(userService, "userService cannot be null"); - this.authorizationCodeTokenExchanger = authorizationCodeTokenExchanger; + this.accessTokenResponseClient = accessTokenResponseClient; this.userService = userService; } @@ -110,7 +110,7 @@ public class OAuth2LoginAuthenticationProvider implements AuthenticationProvider } OAuth2AccessTokenResponse accessTokenResponse = - this.authorizationCodeTokenExchanger.exchange( + this.accessTokenResponseClient.getTokenResponse( new OAuth2AuthorizationCodeGrantRequest( authorizationCodeAuthentication.getClientRegistration(), authorizationCodeAuthentication.getAuthorizationExchange())); 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenExchanger.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.java similarity index 94% rename from oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenExchanger.java rename to oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.java index c1ba005aad..de86df2b19 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenExchanger.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.java @@ -48,7 +48,7 @@ import java.util.Map; import java.util.Set; /** - * An implementation of an {@link AuthorizationGrantTokenExchanger} that "exchanges" + * An implementation of an {@link OAuth2AccessTokenResponseClient} that "exchanges" * an Authorization Code credential for an Access Token credential * at the Authorization Server's Token Endpoint. * 
@@ -57,18 +57,18 @@ import java.util.Set; * * @author Joe Grandja * @since 5.0 - * @see AuthorizationGrantTokenExchanger + * @see OAuth2AccessTokenResponseClient * @see OAuth2AuthorizationCodeGrantRequest * @see OAuth2AccessTokenResponse * @see Nimbus OAuth 2.0 SDK * @see Section 4.1.3 Access Token Request (Authorization Code Grant) * @see Section 4.1.4 Access Token Response (Authorization Code Grant) */ -public class NimbusAuthorizationCodeTokenExchanger implements AuthorizationGrantTokenExchanger { +public class NimbusAuthorizationCodeTokenResponseClient implements OAuth2AccessTokenResponseClient { private static final String INVALID_TOKEN_RESPONSE_ERROR_CODE = "invalid_token_response"; @Override - public OAuth2AccessTokenResponse exchange(OAuth2AuthorizationCodeGrantRequest authorizationGrantRequest) + public OAuth2AccessTokenResponse getTokenResponse(OAuth2AuthorizationCodeGrantRequest authorizationGrantRequest) throws OAuth2AuthenticationException { ClientRegistration clientRegistration = authorizationGrantRequest.getClientRegistration(); diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AuthorizationGrantTokenExchanger.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AccessTokenResponseClient.java similarity index 88% rename from oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AuthorizationGrantTokenExchanger.java rename to oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AccessTokenResponseClient.java index c54d1696c3..75277834c5 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AuthorizationGrantTokenExchanger.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AccessTokenResponseClient.java 
@@ -34,8 +34,8 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenRespon * @see Section 4.1.3 Access Token Request (Authorization Code Grant) * @see Section 4.1.4 Access Token Response (Authorization Code Grant) */ -public interface AuthorizationGrantTokenExchanger { +public interface OAuth2AccessTokenResponseClient { - OAuth2AccessTokenResponse exchange(T authorizationGrantRequest) throws OAuth2AuthenticationException; + OAuth2AccessTokenResponse getTokenResponse(T authorizationGrantRequest) throws OAuth2AuthenticationException; } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java index c78286dac4..dc3a80cd9c 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java @@ -21,7 +21,7 @@ import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper; import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken; -import org.springframework.security.oauth2.client.endpoint.AuthorizationGrantTokenExchanger; +import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient; import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest; import org.springframework.security.oauth2.client.jwt.JwtDecoderRegistry; import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest; 
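Review bot: The renamed interface method in the `@@ -34` hunk carries no Javadoc of its own, and `getTokenResponse` now reads like an accessor although the Nimbus implementation in this commit is documented as contacting the Authorization Server's Token Endpoint. Applications can plug in their own implementation through `accessTokenResponseClient(...)`, so the contract should be written on the method: that it exchanges the grant in the request for an access token, that `OAuth2AuthenticationException` is thrown when the token request fails or the response is invalid, and whether `null` may ever be returned. A summary line such as `Exchanges the authorization grant credential in the supplied request for an access token credential at the Token Endpoint.` plus `@param`, `@return` and `@throws` tags would cover it. What the two authentication providers do with the returned response lies outside the visible hunks, so the null question cannot be settled from this diff alone.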
@@ -63,7 +63,7 @@ import java.util.List; * @author Joe Grandja * @since 5.0 * @see OidcAuthorizationCodeAuthenticationToken - * @see AuthorizationGrantTokenExchanger + * @see OAuth2AccessTokenResponseClient * @see OidcUserService * @see OidcUser * @see Section 3.1 Authorization Code Grant Flow @@ -74,20 +74,20 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati private static final String INVALID_STATE_PARAMETER_ERROR_CODE = "invalid_state_parameter"; private static final String INVALID_REDIRECT_URI_PARAMETER_ERROR_CODE = "invalid_redirect_uri_parameter"; private static final String INVALID_ID_TOKEN_ERROR_CODE = "invalid_id_token"; - private final AuthorizationGrantTokenExchanger authorizationCodeTokenExchanger; + private final OAuth2AccessTokenResponseClient accessTokenResponseClient; private final OAuth2UserService userService; private final JwtDecoderRegistry jwtDecoderRegistry; private GrantedAuthoritiesMapper authoritiesMapper = (authorities -> authorities); public OidcAuthorizationCodeAuthenticationProvider( - AuthorizationGrantTokenExchanger authorizationCodeTokenExchanger, + OAuth2AccessTokenResponseClient accessTokenResponseClient, OAuth2UserService userService, JwtDecoderRegistry jwtDecoderRegistry) { - Assert.notNull(authorizationCodeTokenExchanger, "authorizationCodeTokenExchanger cannot be null"); + Assert.notNull(accessTokenResponseClient, "accessTokenResponseClient cannot be null"); Assert.notNull(userService, "userService cannot be null"); Assert.notNull(jwtDecoderRegistry, "jwtDecoderRegistry cannot be null"); - this.authorizationCodeTokenExchanger = authorizationCodeTokenExchanger; + this.accessTokenResponseClient = accessTokenResponseClient; this.userService = userService; this.jwtDecoderRegistry = jwtDecoderRegistry; } 
@@ -128,7 +128,7 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati } OAuth2AccessTokenResponse accessTokenResponse = - this.authorizationCodeTokenExchanger.exchange( + this.accessTokenResponseClient.getTokenResponse( new OAuth2AuthorizationCodeGrantRequest( authorizationCodeAuthentication.getClientRegistration(), authorizationCodeAuthentication.getAuthorizationExchange())); diff --git a/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java b/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java index c45f6c62ea..6ce5b320aa 100644 --- a/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java +++ b/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java @@ -40,7 +40,7 @@ import org.springframework.security.core.GrantedAuthority; import org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService; import org.springframework.security.oauth2.client.OAuth2AuthorizedClient; import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService; -import org.springframework.security.oauth2.client.endpoint.AuthorizationGrantTokenExchanger; +import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient; import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest; import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; 
@@ -351,21 +351,21 @@ public class OAuth2LoginApplicationTests { .and() .oauth2Login() .tokenEndpoint() - .authorizationCodeTokenExchanger(this.mockAuthorizationCodeTokenExchanger()) + .accessTokenResponseClient(this.mockAccessTokenResponseClient()) .and() .userInfoEndpoint() .userService(this.mockUserInfoService()); } // @formatter:on - private AuthorizationGrantTokenExchanger mockAuthorizationCodeTokenExchanger() { + private OAuth2AccessTokenResponseClient mockAccessTokenResponseClient() { OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234") .tokenType(OAuth2AccessToken.TokenType.BEARER) .expiresIn(60 * 1000) .build(); - AuthorizationGrantTokenExchanger mock = mock(AuthorizationGrantTokenExchanger.class); - when(mock.exchange(any())).thenReturn(accessTokenResponse); + OAuth2AccessTokenResponseClient mock = mock(OAuth2AccessTokenResponseClient.class); + when(mock.getTokenResponse(any())).thenReturn(accessTokenResponse); return mock; }