Rename AuthorizationGrantTokenExchanger -> OAuth2AccessTokenResponseClient
Fixes gh-4741
parent
2a00232a5b
commit
e4887057bc
|
@ -62,7 +62,7 @@ import org.springframework.security.core.context.SecurityContext;
|
|||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer;
|
||||
import org.springframework.security.oauth2.client.endpoint.AuthorizationGrantTokenExchanger;
|
||||
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
|
||||
import org.springframework.security.oauth2.client.endpoint.AuthorizationRequestUriBuilder;
|
||||
import org.springframework.security.web.DefaultSecurityFilterChain;
|
||||
import org.springframework.security.web.PortMapper;
|
||||
|
@ -945,8 +945,8 @@ public final class HttpSecurity extends
|
|||
*
|
||||
* <p>
|
||||
* At this point in the <i>"authentication flow"</i>, the configured
|
||||
* {@link AuthorizationGrantTokenExchanger}
|
||||
* will exchange the <i>Authorization Code</i> for an <i>Access Token</i> and then use it to access the protected resource
|
||||
* {@link OAuth2AccessTokenResponseClient}
|
||||
* will getTokenResponse the <i>Authorization Code</i> for an <i>Access Token</i> and then use it to access the protected resource
|
||||
* at the <i>UserInfo Endpoint</i> (via {@link org.springframework.security.oauth2.client.user.OAuth2UserService})
|
||||
* in order to retrieve the details of the <i>Resource Owner</i> (end-user) and establish the <i>"authenticated"</i> session.
|
||||
*
|
||||
|
@ -992,7 +992,7 @@ public final class HttpSecurity extends
|
|||
* .oauth2Login()
|
||||
* .clients(this.clientRegistrationRepository())
|
||||
* .authorizationRequestUriBuilder(this.authorizationRequestUriBuilder())
|
||||
* .authorizationCodeTokenExchanger(this.authorizationCodeTokenExchanger())
|
||||
* .accessTokenResponseClient(this.accessTokenResponseClient())
|
||||
* .userInfoEndpoint()
|
||||
* .userInfoService(this.userInfoService())
|
||||
* .userInfoEndpoint()
|
||||
|
@ -1014,7 +1014,7 @@ public final class HttpSecurity extends
|
|||
* }
|
||||
*
|
||||
* @Bean
|
||||
* public AuthorizationGrantTokenExchanger<OAuth2LoginAuthenticationToken> authorizationCodeTokenExchanger() {
|
||||
* public OAuth2AccessTokenResponseClient<OAuth2LoginAuthenticationToken> accessTokenResponseClient() {
|
||||
* // Custom implementation that exchanges an "Authorization Code Grant" for an "Access Token"
|
||||
* return new AuthorizationCodeTokenExchangerImpl();
|
||||
* }
|
||||
|
@ -1041,7 +1041,7 @@ public final class HttpSecurity extends
|
|||
* @see org.springframework.security.oauth2.client.registration.ClientRegistration
|
||||
* @see org.springframework.security.oauth2.client.registration.ClientRegistrationRepository
|
||||
* @see AuthorizationRequestUriBuilder
|
||||
* @see AuthorizationGrantTokenExchanger
|
||||
* @see OAuth2AccessTokenResponseClient
|
||||
* @see org.springframework.security.oauth2.client.user.OAuth2UserService
|
||||
*
|
||||
* @return the {@link OAuth2LoginConfigurer} for further customizations
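Review bot: The rename was applied to Javadoc prose as well as to identifiers, so the second hunk now reads `will getTokenResponse the <i>Authorization Code</i> for an <i>Access Token</i>`, which is not a sentence; the verb should stay, e.g. `* will exchange the <i>Authorization Code</i> for an <i>Access Token</i> and then use it to access the protected resource`. In the fourth hunk the sample bean is renamed to `accessTokenResponseClient()` but still returns `new AuthorizationCodeTokenExchangerImpl()` and is still typed on `OAuth2LoginAuthenticationToken`, while the configurer in this commit takes `OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest>`, so the example should be brought in line with the real signature. The sample chain in the third hunk also calls `.accessTokenResponseClient(...)` directly on `.oauth2Login()`, whereas the test in this commit reaches it through `.tokenEndpoint()`, so that line looks stale as well. The Javadoc comment starts and ends outside these hunks.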
|
||||
|
|
|
@ -23,9 +23,9 @@ import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMap
|
|||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
|
||||
import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider;
|
||||
import org.springframework.security.oauth2.client.endpoint.AuthorizationGrantTokenExchanger;
|
||||
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
|
||||
import org.springframework.security.oauth2.client.endpoint.AuthorizationRequestUriBuilder;
|
||||
import org.springframework.security.oauth2.client.endpoint.NimbusAuthorizationCodeTokenExchanger;
|
||||
import org.springframework.security.oauth2.client.endpoint.NimbusAuthorizationCodeTokenResponseClient;
|
||||
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
|
||||
import org.springframework.security.oauth2.client.jwt.JwtDecoderRegistry;
|
||||
import org.springframework.security.oauth2.client.jwt.NimbusJwtDecoderRegistry;
|
||||
|
@ -131,17 +131,17 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
|
|||
}
|
||||
|
||||
public class TokenEndpointConfig {
|
||||
private AuthorizationGrantTokenExchanger<OAuth2AuthorizationCodeGrantRequest> authorizationCodeTokenExchanger;
|
||||
private OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient;
|
||||
private JwtDecoderRegistry jwtDecoderRegistry;
|
||||
|
||||
private TokenEndpointConfig() {
|
||||
}
|
||||
|
||||
public TokenEndpointConfig authorizationCodeTokenExchanger(
|
||||
AuthorizationGrantTokenExchanger<OAuth2AuthorizationCodeGrantRequest> authorizationCodeTokenExchanger) {
|
||||
public TokenEndpointConfig accessTokenResponseClient(
|
||||
OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient) {
|
||||
|
||||
Assert.notNull(authorizationCodeTokenExchanger, "authorizationCodeTokenExchanger cannot be null");
|
||||
this.authorizationCodeTokenExchanger = authorizationCodeTokenExchanger;
|
||||
Assert.notNull(accessTokenResponseClient, "accessTokenResponseClient cannot be null");
|
||||
this.accessTokenResponseClient = accessTokenResponseClient;
|
||||
return this;
|
||||
}
|
||||
|
||||
|
@ -225,10 +225,10 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
|
|||
|
||||
super.init(http);
|
||||
|
||||
AuthorizationGrantTokenExchanger<OAuth2AuthorizationCodeGrantRequest> authorizationCodeTokenExchanger =
|
||||
this.tokenEndpointConfig.authorizationCodeTokenExchanger;
|
||||
if (authorizationCodeTokenExchanger == null) {
|
||||
authorizationCodeTokenExchanger = new NimbusAuthorizationCodeTokenExchanger();
|
||||
OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient =
|
||||
this.tokenEndpointConfig.accessTokenResponseClient;
|
||||
if (accessTokenResponseClient == null) {
|
||||
accessTokenResponseClient = new NimbusAuthorizationCodeTokenResponseClient();
|
||||
}
|
||||
|
||||
OAuth2UserService<OAuth2UserRequest, OAuth2User> oauth2UserService = this.userInfoEndpointConfig.userService;
|
||||
|
@ -249,7 +249,7 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
|
|||
}
|
||||
|
||||
OAuth2LoginAuthenticationProvider oauth2LoginAuthenticationProvider =
|
||||
new OAuth2LoginAuthenticationProvider(authorizationCodeTokenExchanger, oauth2UserService);
|
||||
new OAuth2LoginAuthenticationProvider(accessTokenResponseClient, oauth2UserService);
|
||||
if (this.userInfoEndpointConfig.userAuthoritiesMapper != null) {
|
||||
oauth2LoginAuthenticationProvider.setAuthoritiesMapper(
|
||||
this.userInfoEndpointConfig.userAuthoritiesMapper);
|
||||
|
@ -259,7 +259,7 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
|
|||
OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService = new OidcUserService();
|
||||
OidcAuthorizationCodeAuthenticationProvider oidcAuthorizationCodeAuthenticationProvider =
|
||||
new OidcAuthorizationCodeAuthenticationProvider(
|
||||
authorizationCodeTokenExchanger, oidcUserService, jwtDecoderRegistry);
|
||||
accessTokenResponseClient, oidcUserService, jwtDecoderRegistry);
|
||||
if (this.userInfoEndpointConfig.userAuthoritiesMapper != null) {
|
||||
oidcAuthorizationCodeAuthenticationProvider.setAuthoritiesMapper(
|
||||
this.userInfoEndpointConfig.userAuthoritiesMapper);
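Review bot: `TokenEndpointConfig.accessTokenResponseClient(...)` is a public configuration method with no Javadoc in the visible hunk, and the method containing `super.init(http)` quietly falls back to `new NimbusAuthorizationCodeTokenResponseClient()` when it was never called. The supplied client is the component that exchanges the authorization code at the token endpoint, so integrators replacing it should be told what they are replacing and what the default is. I would add a Javadoc along the lines of `Sets the client used to request an Access Token from the Token Endpoint; defaults to NimbusAuthorizationCodeTokenResponseClient.` with `@param` and `@return` tags. The enclosing configurer methods start and end outside the hunks shown.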
|
||||
|
|
|
@ -20,7 +20,7 @@ import org.springframework.security.core.Authentication;
|
|||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
|
||||
import org.springframework.security.oauth2.client.endpoint.AuthorizationGrantTokenExchanger;
|
||||
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
|
||||
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
|
||||
import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
|
||||
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
|
||||
|
@ -50,7 +50,7 @@ import java.util.Collection;
|
|||
* @author Joe Grandja
|
||||
* @since 5.0
|
||||
* @see OAuth2LoginAuthenticationToken
|
||||
* @see AuthorizationGrantTokenExchanger
|
||||
* @see OAuth2AccessTokenResponseClient
|
||||
* @see OAuth2UserService
|
||||
* @see OAuth2User
|
||||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">Section 4.1 Authorization Code Grant Flow</a>
|
||||
|
@ -60,17 +60,17 @@ import java.util.Collection;
|
|||
public class OAuth2LoginAuthenticationProvider implements AuthenticationProvider {
|
||||
private static final String INVALID_STATE_PARAMETER_ERROR_CODE = "invalid_state_parameter";
|
||||
private static final String INVALID_REDIRECT_URI_PARAMETER_ERROR_CODE = "invalid_redirect_uri_parameter";
|
||||
private final AuthorizationGrantTokenExchanger<OAuth2AuthorizationCodeGrantRequest> authorizationCodeTokenExchanger;
|
||||
private final OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient;
|
||||
private final OAuth2UserService<OAuth2UserRequest, OAuth2User> userService;
|
||||
private GrantedAuthoritiesMapper authoritiesMapper = (authorities -> authorities);
|
||||
|
||||
public OAuth2LoginAuthenticationProvider(
|
||||
AuthorizationGrantTokenExchanger<OAuth2AuthorizationCodeGrantRequest> authorizationCodeTokenExchanger,
|
||||
OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient,
|
||||
OAuth2UserService<OAuth2UserRequest, OAuth2User> userService) {
|
||||
|
||||
Assert.notNull(authorizationCodeTokenExchanger, "authorizationCodeTokenExchanger cannot be null");
|
||||
Assert.notNull(accessTokenResponseClient, "accessTokenResponseClient cannot be null");
|
||||
Assert.notNull(userService, "userService cannot be null");
|
||||
this.authorizationCodeTokenExchanger = authorizationCodeTokenExchanger;
|
||||
this.accessTokenResponseClient = accessTokenResponseClient;
|
||||
this.userService = userService;
|
||||
}
|
||||
|
||||
|
@ -110,7 +110,7 @@ public class OAuth2LoginAuthenticationProvider implements AuthenticationProvider
|
|||
}
|
||||
|
||||
OAuth2AccessTokenResponse accessTokenResponse =
|
||||
this.authorizationCodeTokenExchanger.exchange(
|
||||
this.accessTokenResponseClient.getTokenResponse(
|
||||
new OAuth2AuthorizationCodeGrantRequest(
|
||||
authorizationCodeAuthentication.getClientRegistration(),
|
||||
authorizationCodeAuthentication.getAuthorizationExchange()));
|
||||
|
|
|
@ -48,7 +48,7 @@ import java.util.Map;
|
|||
import java.util.Set;
|
||||
|
||||
/**
|
||||
* An implementation of an {@link AuthorizationGrantTokenExchanger} that <i>"exchanges"</i>
|
||||
* An implementation of an {@link OAuth2AccessTokenResponseClient} that <i>"exchanges"</i>
|
||||
* an <i>Authorization Code</i> credential for an <i>Access Token</i> credential
|
||||
* at the Authorization Server's <i>Token Endpoint</i>.
|
||||
*
|
||||
|
@ -57,18 +57,18 @@ import java.util.Set;
|
|||
*
|
||||
* @author Joe Grandja
|
||||
* @since 5.0
|
||||
* @see AuthorizationGrantTokenExchanger
|
||||
* @see OAuth2AccessTokenResponseClient
|
||||
* @see OAuth2AuthorizationCodeGrantRequest
|
||||
* @see OAuth2AccessTokenResponse
|
||||
* @see <a target="_blank" href="https://connect2id.com/products/nimbus-oauth-openid-connect-sdk">Nimbus OAuth 2.0 SDK</a>
|
||||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token Request (Authorization Code Grant)</a>
|
||||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.4">Section 4.1.4 Access Token Response (Authorization Code Grant)</a>
|
||||
*/
|
||||
public class NimbusAuthorizationCodeTokenExchanger implements AuthorizationGrantTokenExchanger<OAuth2AuthorizationCodeGrantRequest> {
|
||||
public class NimbusAuthorizationCodeTokenResponseClient implements OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> {
|
||||
private static final String INVALID_TOKEN_RESPONSE_ERROR_CODE = "invalid_token_response";
|
||||
|
||||
@Override
|
||||
public OAuth2AccessTokenResponse exchange(OAuth2AuthorizationCodeGrantRequest authorizationGrantRequest)
|
||||
public OAuth2AccessTokenResponse getTokenResponse(OAuth2AuthorizationCodeGrantRequest authorizationGrantRequest)
|
||||
throws OAuth2AuthenticationException {
|
||||
|
||||
ClientRegistration clientRegistration = authorizationGrantRequest.getClientRegistration();
|
|
@ -34,8 +34,8 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenRespon
|
|||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token Request (Authorization Code Grant)</a>
|
||||
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.4">Section 4.1.4 Access Token Response (Authorization Code Grant)</a>
|
||||
*/
|
||||
public interface AuthorizationGrantTokenExchanger<T extends AbstractOAuth2AuthorizationGrantRequest> {
|
||||
public interface OAuth2AccessTokenResponseClient<T extends AbstractOAuth2AuthorizationGrantRequest> {
|
||||
|
||||
OAuth2AccessTokenResponse exchange(T authorizationGrantRequest) throws OAuth2AuthenticationException;
|
||||
OAuth2AccessTokenResponse getTokenResponse(T authorizationGrantRequest) throws OAuth2AuthenticationException;
|
||||
|
||||
}
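Review bot: `getTokenResponse` has no method-level Javadoc in the visible hunk, so the contract that custom implementations must honour is left to the interface comment, which begins outside the hunk. Both authentication providers in this commit assign the result straight to `accessTokenResponse`, so it is worth stating that the method returns the Access Token Response for the given grant request and throws `OAuth2AuthenticationException` when the token request fails or the response is invalid; whether `null` is ever a legal return should be stated too. I would add a Javadoc block with `@param authorizationGrantRequest`, `@return` and `@throws OAuth2AuthenticationException` saying exactly that.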
|
|
@ -21,7 +21,7 @@ import org.springframework.security.core.AuthenticationException;
|
|||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
|
||||
import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken;
|
||||
import org.springframework.security.oauth2.client.endpoint.AuthorizationGrantTokenExchanger;
|
||||
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
|
||||
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
|
||||
import org.springframework.security.oauth2.client.jwt.JwtDecoderRegistry;
|
||||
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
|
||||
|
@ -63,7 +63,7 @@ import java.util.List;
|
|||
* @author Joe Grandja
|
||||
* @since 5.0
|
||||
* @see OidcAuthorizationCodeAuthenticationToken
|
||||
* @see AuthorizationGrantTokenExchanger
|
||||
* @see OAuth2AccessTokenResponseClient
|
||||
* @see OidcUserService
|
||||
* @see OidcUser
|
||||
* @see <a target="_blank" href="http://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth">Section 3.1 Authorization Code Grant Flow</a>
|
||||
|
@ -74,20 +74,20 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati
|
|||
private static final String INVALID_STATE_PARAMETER_ERROR_CODE = "invalid_state_parameter";
|
||||
private static final String INVALID_REDIRECT_URI_PARAMETER_ERROR_CODE = "invalid_redirect_uri_parameter";
|
||||
private static final String INVALID_ID_TOKEN_ERROR_CODE = "invalid_id_token";
|
||||
private final AuthorizationGrantTokenExchanger<OAuth2AuthorizationCodeGrantRequest> authorizationCodeTokenExchanger;
|
||||
private final OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient;
|
||||
private final OAuth2UserService<OidcUserRequest, OidcUser> userService;
|
||||
private final JwtDecoderRegistry jwtDecoderRegistry;
|
||||
private GrantedAuthoritiesMapper authoritiesMapper = (authorities -> authorities);
|
||||
|
||||
public OidcAuthorizationCodeAuthenticationProvider(
|
||||
AuthorizationGrantTokenExchanger<OAuth2AuthorizationCodeGrantRequest> authorizationCodeTokenExchanger,
|
||||
OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient,
|
||||
OAuth2UserService<OidcUserRequest, OidcUser> userService,
|
||||
JwtDecoderRegistry jwtDecoderRegistry) {
|
||||
|
||||
Assert.notNull(authorizationCodeTokenExchanger, "authorizationCodeTokenExchanger cannot be null");
|
||||
Assert.notNull(accessTokenResponseClient, "accessTokenResponseClient cannot be null");
|
||||
Assert.notNull(userService, "userService cannot be null");
|
||||
Assert.notNull(jwtDecoderRegistry, "jwtDecoderRegistry cannot be null");
|
||||
this.authorizationCodeTokenExchanger = authorizationCodeTokenExchanger;
|
||||
this.accessTokenResponseClient = accessTokenResponseClient;
|
||||
this.userService = userService;
|
||||
this.jwtDecoderRegistry = jwtDecoderRegistry;
|
||||
}
|
||||
|
@ -128,7 +128,7 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati
|
|||
}
|
||||
|
||||
OAuth2AccessTokenResponse accessTokenResponse =
|
||||
this.authorizationCodeTokenExchanger.exchange(
|
||||
this.accessTokenResponseClient.getTokenResponse(
|
||||
new OAuth2AuthorizationCodeGrantRequest(
|
||||
authorizationCodeAuthentication.getClientRegistration(),
|
||||
authorizationCodeAuthentication.getAuthorizationExchange()));
|
||||
|
|
|
@ -40,7 +40,7 @@ import org.springframework.security.core.GrantedAuthority;
|
|||
import org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
|
||||
import org.springframework.security.oauth2.client.endpoint.AuthorizationGrantTokenExchanger;
|
||||
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
|
||||
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||
|
@ -351,21 +351,21 @@ public class OAuth2LoginApplicationTests {
|
|||
.and()
|
||||
.oauth2Login()
|
||||
.tokenEndpoint()
|
||||
.authorizationCodeTokenExchanger(this.mockAuthorizationCodeTokenExchanger())
|
||||
.accessTokenResponseClient(this.mockAccessTokenResponseClient())
|
||||
.and()
|
||||
.userInfoEndpoint()
|
||||
.userService(this.mockUserInfoService());
|
||||
}
|
||||
// @formatter:on
|
||||
|
||||
private AuthorizationGrantTokenExchanger<OAuth2AuthorizationCodeGrantRequest> mockAuthorizationCodeTokenExchanger() {
|
||||
private OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> mockAccessTokenResponseClient() {
|
||||
OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234")
|
||||
.tokenType(OAuth2AccessToken.TokenType.BEARER)
|
||||
.expiresIn(60 * 1000)
|
||||
.build();
|
||||
|
||||
AuthorizationGrantTokenExchanger mock = mock(AuthorizationGrantTokenExchanger.class);
|
||||
when(mock.exchange(any())).thenReturn(accessTokenResponse);
|
||||
OAuth2AccessTokenResponseClient mock = mock(OAuth2AccessTokenResponseClient.class);
|
||||
when(mock.getTokenResponse(any())).thenReturn(accessTokenResponse);
|
||||
return mock;
|
||||
}
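Review bot: `OAuth2AccessTokenResponseClient mock = mock(OAuth2AccessTokenResponseClient.class);` declares a raw type and is then returned as `OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest>`, which is an unchecked conversion, and the local carries the same name as the `mock(...)` method it calls. Declaring it as `OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> tokenResponseClient = mock(OAuth2AccessTokenResponseClient.class);` with `@SuppressWarnings("unchecked")` on the helper keeps the warning scoped and reads more clearly. The line it replaces appears to have had the same shape, so this is a style point rather than something the rename introduced.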
|
||||
|
||||
|
|