diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
index 1a4117baa7..67b4771ded 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
@@ -62,7 +62,7 @@ import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer;
-import org.springframework.security.oauth2.client.endpoint.AuthorizationGrantTokenExchanger;
+import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.AuthorizationRequestUriBuilder;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.PortMapper;
@@ -945,8 +945,8 @@ public final class HttpSecurity extends
*
*
* At this point in the "authentication flow", the configured
- * {@link AuthorizationGrantTokenExchanger}
- * will exchange the Authorization Code for an Access Token and then use it to access the protected resource
+ * {@link OAuth2AccessTokenResponseClient}
+ * will getTokenResponse the Authorization Code for an Access Token and then use it to access the protected resource
* at the UserInfo Endpoint (via {@link org.springframework.security.oauth2.client.user.OAuth2UserService})
* in order to retrieve the details of the Resource Owner (end-user) and establish the "authenticated" session.
*
@@ -992,7 +992,7 @@ public final class HttpSecurity extends
* .oauth2Login()
* .clients(this.clientRegistrationRepository())
* .authorizationRequestUriBuilder(this.authorizationRequestUriBuilder())
- * .authorizationCodeTokenExchanger(this.authorizationCodeTokenExchanger())
+ * .accessTokenResponseClient(this.accessTokenResponseClient())
* .userInfoEndpoint()
* .userInfoService(this.userInfoService())
* .userInfoEndpoint()
@@ -1014,7 +1014,7 @@ public final class HttpSecurity extends
* }
*
* @Bean
- * public AuthorizationGrantTokenExchanger<OAuth2LoginAuthenticationToken> authorizationCodeTokenExchanger() {
+ * public OAuth2AccessTokenResponseClient<OAuth2LoginAuthenticationToken> accessTokenResponseClient() {
* // Custom implementation that exchanges an "Authorization Code Grant" for an "Access Token"
* return new AuthorizationCodeTokenExchangerImpl();
* }
@@ -1041,7 +1041,7 @@ public final class HttpSecurity extends
* @see org.springframework.security.oauth2.client.registration.ClientRegistration
* @see org.springframework.security.oauth2.client.registration.ClientRegistrationRepository
* @see AuthorizationRequestUriBuilder
- * @see AuthorizationGrantTokenExchanger
+ * @see OAuth2AccessTokenResponseClient
* @see org.springframework.security.oauth2.client.user.OAuth2UserService
*
* @return the {@link OAuth2LoginConfigurer} for further customizations
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
index 4a85b6a2a1..1584750c87 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
@@ -23,9 +23,9 @@ import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMap
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider;
-import org.springframework.security.oauth2.client.endpoint.AuthorizationGrantTokenExchanger;
+import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.AuthorizationRequestUriBuilder;
-import org.springframework.security.oauth2.client.endpoint.NimbusAuthorizationCodeTokenExchanger;
+import org.springframework.security.oauth2.client.endpoint.NimbusAuthorizationCodeTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
import org.springframework.security.oauth2.client.jwt.JwtDecoderRegistry;
import org.springframework.security.oauth2.client.jwt.NimbusJwtDecoderRegistry;
@@ -131,17 +131,17 @@ public final class OAuth2LoginConfigurer> exten
}
public class TokenEndpointConfig {
- private AuthorizationGrantTokenExchanger authorizationCodeTokenExchanger;
+ private OAuth2AccessTokenResponseClient accessTokenResponseClient;
private JwtDecoderRegistry jwtDecoderRegistry;
private TokenEndpointConfig() {
}
- public TokenEndpointConfig authorizationCodeTokenExchanger(
- AuthorizationGrantTokenExchanger authorizationCodeTokenExchanger) {
+ public TokenEndpointConfig accessTokenResponseClient(
+ OAuth2AccessTokenResponseClient accessTokenResponseClient) {
- Assert.notNull(authorizationCodeTokenExchanger, "authorizationCodeTokenExchanger cannot be null");
- this.authorizationCodeTokenExchanger = authorizationCodeTokenExchanger;
+ Assert.notNull(accessTokenResponseClient, "accessTokenResponseClient cannot be null");
+ this.accessTokenResponseClient = accessTokenResponseClient;
return this;
}
@@ -225,10 +225,10 @@ public final class OAuth2LoginConfigurer> exten
super.init(http);
- AuthorizationGrantTokenExchanger authorizationCodeTokenExchanger =
- this.tokenEndpointConfig.authorizationCodeTokenExchanger;
- if (authorizationCodeTokenExchanger == null) {
- authorizationCodeTokenExchanger = new NimbusAuthorizationCodeTokenExchanger();
+ OAuth2AccessTokenResponseClient accessTokenResponseClient =
+ this.tokenEndpointConfig.accessTokenResponseClient;
+ if (accessTokenResponseClient == null) {
+ accessTokenResponseClient = new NimbusAuthorizationCodeTokenResponseClient();
}
OAuth2UserService oauth2UserService = this.userInfoEndpointConfig.userService;
@@ -249,7 +249,7 @@ public final class OAuth2LoginConfigurer> exten
}
OAuth2LoginAuthenticationProvider oauth2LoginAuthenticationProvider =
- new OAuth2LoginAuthenticationProvider(authorizationCodeTokenExchanger, oauth2UserService);
+ new OAuth2LoginAuthenticationProvider(accessTokenResponseClient, oauth2UserService);
if (this.userInfoEndpointConfig.userAuthoritiesMapper != null) {
oauth2LoginAuthenticationProvider.setAuthoritiesMapper(
this.userInfoEndpointConfig.userAuthoritiesMapper);
@@ -259,7 +259,7 @@ public final class OAuth2LoginConfigurer> exten
OAuth2UserService oidcUserService = new OidcUserService();
OidcAuthorizationCodeAuthenticationProvider oidcAuthorizationCodeAuthenticationProvider =
new OidcAuthorizationCodeAuthenticationProvider(
- authorizationCodeTokenExchanger, oidcUserService, jwtDecoderRegistry);
+ accessTokenResponseClient, oidcUserService, jwtDecoderRegistry);
if (this.userInfoEndpointConfig.userAuthoritiesMapper != null) {
oidcAuthorizationCodeAuthenticationProvider.setAuthoritiesMapper(
this.userInfoEndpointConfig.userAuthoritiesMapper);
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java
index b285bfdb68..22b2590bdf 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java
@@ -20,7 +20,7 @@ import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
-import org.springframework.security.oauth2.client.endpoint.AuthorizationGrantTokenExchanger;
+import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
@@ -50,7 +50,7 @@ import java.util.Collection;
* @author Joe Grandja
* @since 5.0
* @see OAuth2LoginAuthenticationToken
- * @see AuthorizationGrantTokenExchanger
+ * @see OAuth2AccessTokenResponseClient
* @see OAuth2UserService
* @see OAuth2User
* @see Section 4.1 Authorization Code Grant Flow
@@ -60,17 +60,17 @@ import java.util.Collection;
public class OAuth2LoginAuthenticationProvider implements AuthenticationProvider {
private static final String INVALID_STATE_PARAMETER_ERROR_CODE = "invalid_state_parameter";
private static final String INVALID_REDIRECT_URI_PARAMETER_ERROR_CODE = "invalid_redirect_uri_parameter";
- private final AuthorizationGrantTokenExchanger authorizationCodeTokenExchanger;
+ private final OAuth2AccessTokenResponseClient accessTokenResponseClient;
private final OAuth2UserService userService;
private GrantedAuthoritiesMapper authoritiesMapper = (authorities -> authorities);
public OAuth2LoginAuthenticationProvider(
- AuthorizationGrantTokenExchanger authorizationCodeTokenExchanger,
+ OAuth2AccessTokenResponseClient accessTokenResponseClient,
OAuth2UserService userService) {
- Assert.notNull(authorizationCodeTokenExchanger, "authorizationCodeTokenExchanger cannot be null");
+ Assert.notNull(accessTokenResponseClient, "accessTokenResponseClient cannot be null");
Assert.notNull(userService, "userService cannot be null");
- this.authorizationCodeTokenExchanger = authorizationCodeTokenExchanger;
+ this.accessTokenResponseClient = accessTokenResponseClient;
this.userService = userService;
}
@@ -110,7 +110,7 @@ public class OAuth2LoginAuthenticationProvider implements AuthenticationProvider
}
OAuth2AccessTokenResponse accessTokenResponse =
- this.authorizationCodeTokenExchanger.exchange(
+ this.accessTokenResponseClient.getTokenResponse(
new OAuth2AuthorizationCodeGrantRequest(
authorizationCodeAuthentication.getClientRegistration(),
authorizationCodeAuthentication.getAuthorizationExchange()));
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenExchanger.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.java
similarity index 94%
rename from oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenExchanger.java
rename to oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.java
index c1ba005aad..de86df2b19 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenExchanger.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.java
@@ -48,7 +48,7 @@ import java.util.Map;
import java.util.Set;
/**
- * An implementation of an {@link AuthorizationGrantTokenExchanger} that "exchanges"
+ * An implementation of an {@link OAuth2AccessTokenResponseClient} that "exchanges"
* an Authorization Code credential for an Access Token credential
* at the Authorization Server's Token Endpoint.
*
@@ -57,18 +57,18 @@ import java.util.Set;
*
* @author Joe Grandja
* @since 5.0
- * @see AuthorizationGrantTokenExchanger
+ * @see OAuth2AccessTokenResponseClient
* @see OAuth2AuthorizationCodeGrantRequest
* @see OAuth2AccessTokenResponse
* @see Nimbus OAuth 2.0 SDK
* @see Section 4.1.3 Access Token Request (Authorization Code Grant)
* @see Section 4.1.4 Access Token Response (Authorization Code Grant)
*/
-public class NimbusAuthorizationCodeTokenExchanger implements AuthorizationGrantTokenExchanger {
+public class NimbusAuthorizationCodeTokenResponseClient implements OAuth2AccessTokenResponseClient {
private static final String INVALID_TOKEN_RESPONSE_ERROR_CODE = "invalid_token_response";
@Override
- public OAuth2AccessTokenResponse exchange(OAuth2AuthorizationCodeGrantRequest authorizationGrantRequest)
+ public OAuth2AccessTokenResponse getTokenResponse(OAuth2AuthorizationCodeGrantRequest authorizationGrantRequest)
throws OAuth2AuthenticationException {
ClientRegistration clientRegistration = authorizationGrantRequest.getClientRegistration();
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AuthorizationGrantTokenExchanger.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AccessTokenResponseClient.java
similarity index 88%
rename from oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AuthorizationGrantTokenExchanger.java
rename to oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AccessTokenResponseClient.java
index c54d1696c3..75277834c5 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AuthorizationGrantTokenExchanger.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AccessTokenResponseClient.java
@@ -34,8 +34,8 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenRespon
* @see Section 4.1.3 Access Token Request (Authorization Code Grant)
* @see Section 4.1.4 Access Token Response (Authorization Code Grant)
*/
-public interface AuthorizationGrantTokenExchanger {
+public interface OAuth2AccessTokenResponseClient {
- OAuth2AccessTokenResponse exchange(T authorizationGrantRequest) throws OAuth2AuthenticationException;
+ OAuth2AccessTokenResponse getTokenResponse(T authorizationGrantRequest) throws OAuth2AuthenticationException;
}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java
index c78286dac4..dc3a80cd9c 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java
@@ -21,7 +21,7 @@ import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken;
-import org.springframework.security.oauth2.client.endpoint.AuthorizationGrantTokenExchanger;
+import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
import org.springframework.security.oauth2.client.jwt.JwtDecoderRegistry;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
@@ -63,7 +63,7 @@ import java.util.List;
* @author Joe Grandja
* @since 5.0
* @see OidcAuthorizationCodeAuthenticationToken
- * @see AuthorizationGrantTokenExchanger
+ * @see OAuth2AccessTokenResponseClient
* @see OidcUserService
* @see OidcUser
* @see Section 3.1 Authorization Code Grant Flow
@@ -74,20 +74,20 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati
private static final String INVALID_STATE_PARAMETER_ERROR_CODE = "invalid_state_parameter";
private static final String INVALID_REDIRECT_URI_PARAMETER_ERROR_CODE = "invalid_redirect_uri_parameter";
private static final String INVALID_ID_TOKEN_ERROR_CODE = "invalid_id_token";
- private final AuthorizationGrantTokenExchanger authorizationCodeTokenExchanger;
+ private final OAuth2AccessTokenResponseClient accessTokenResponseClient;
private final OAuth2UserService userService;
private final JwtDecoderRegistry jwtDecoderRegistry;
private GrantedAuthoritiesMapper authoritiesMapper = (authorities -> authorities);
public OidcAuthorizationCodeAuthenticationProvider(
- AuthorizationGrantTokenExchanger authorizationCodeTokenExchanger,
+ OAuth2AccessTokenResponseClient accessTokenResponseClient,
OAuth2UserService userService,
JwtDecoderRegistry jwtDecoderRegistry) {
- Assert.notNull(authorizationCodeTokenExchanger, "authorizationCodeTokenExchanger cannot be null");
+ Assert.notNull(accessTokenResponseClient, "accessTokenResponseClient cannot be null");
Assert.notNull(userService, "userService cannot be null");
Assert.notNull(jwtDecoderRegistry, "jwtDecoderRegistry cannot be null");
- this.authorizationCodeTokenExchanger = authorizationCodeTokenExchanger;
+ this.accessTokenResponseClient = accessTokenResponseClient;
this.userService = userService;
this.jwtDecoderRegistry = jwtDecoderRegistry;
}
@@ -128,7 +128,7 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati
}
OAuth2AccessTokenResponse accessTokenResponse =
- this.authorizationCodeTokenExchanger.exchange(
+ this.accessTokenResponseClient.getTokenResponse(
new OAuth2AuthorizationCodeGrantRequest(
authorizationCodeAuthentication.getClientRegistration(),
authorizationCodeAuthentication.getAuthorizationExchange()));
diff --git a/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java b/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java
index c45f6c62ea..6ce5b320aa 100644
--- a/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java
+++ b/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java
@@ -40,7 +40,7 @@ import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
-import org.springframework.security.oauth2.client.endpoint.AuthorizationGrantTokenExchanger;
+import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
@@ -351,21 +351,21 @@ public class OAuth2LoginApplicationTests {
.and()
.oauth2Login()
.tokenEndpoint()
- .authorizationCodeTokenExchanger(this.mockAuthorizationCodeTokenExchanger())
+ .accessTokenResponseClient(this.mockAccessTokenResponseClient())
.and()
.userInfoEndpoint()
.userService(this.mockUserInfoService());
}
// @formatter:on
- private AuthorizationGrantTokenExchanger mockAuthorizationCodeTokenExchanger() {
+ private OAuth2AccessTokenResponseClient mockAccessTokenResponseClient() {
OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234")
.tokenType(OAuth2AccessToken.TokenType.BEARER)
.expiresIn(60 * 1000)
.build();
- AuthorizationGrantTokenExchanger mock = mock(AuthorizationGrantTokenExchanger.class);
- when(mock.exchange(any())).thenReturn(accessTokenResponse);
+ OAuth2AccessTokenResponseClient mock = mock(OAuth2AccessTokenResponseClient.class);
+ when(mock.getTokenResponse(any())).thenReturn(accessTokenResponse);
return mock;
}