use of org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken in project spring-security by spring-projects.
the class OidcAuthorizationCodeAuthenticationProviderTests method authenticateWhenAuthoritiesMapperSetThenReturnMappedAuthorities.
/**
 * Checks that, once a {@code GrantedAuthoritiesMapper} is set on the provider, the
 * authenticated token carries the authorities returned by that mapper
 * ({@code ROLE_OIDC_USER}) rather than the ones reported by the loaded user
 * ({@code ROLE_USER}). The mapper's output is what ends up deciding the granted roles,
 * so a mapper that returns too much grants too much.
 */
@Test
public void authenticateWhenAuthoritiesMapperSetThenReturnMappedAuthorities() {
    // Claims handed to setUpIdToken; the nonce claim is filled from this.nonceHash.
    Map<String, Object> idTokenClaims = new HashMap<>();
    idTokenClaims.put(IdTokenClaimNames.ISS, "https://provider.com");
    idTokenClaims.put(IdTokenClaimNames.SUB, "subject1");
    idTokenClaims.put(IdTokenClaimNames.AUD, Arrays.asList("client1", "client2"));
    idTokenClaims.put(IdTokenClaimNames.AZP, "client1");
    idTokenClaims.put(IdTokenClaimNames.NONCE, this.nonceHash);
    this.setUpIdToken(idTokenClaims);

    // The user service yields a user whose own authorities are ROLE_USER.
    OidcUser oidcUser = mock(OidcUser.class);
    List<GrantedAuthority> userAuthorities = AuthorityUtils.createAuthorityList("ROLE_USER");
    Answer<List<GrantedAuthority>> userAuthoritiesAnswer = (invocation) -> userAuthorities;
    given(oidcUser.getAuthorities()).willAnswer(userAuthoritiesAnswer);
    given(this.userService.loadUser(any())).willReturn(oidcUser);

    // The mapper ignores its input and always answers with ROLE_OIDC_USER.
    List<GrantedAuthority> expectedAuthorities = AuthorityUtils.createAuthorityList("ROLE_OIDC_USER");
    GrantedAuthoritiesMapper mapper = mock(GrantedAuthoritiesMapper.class);
    Answer<List<GrantedAuthority>> mappedAnswer = (invocation) -> expectedAuthorities;
    given(mapper.mapAuthorities(anyCollection())).willAnswer(mappedAnswer);
    this.authenticationProvider.setAuthoritiesMapper(mapper);

    OAuth2LoginAuthenticationToken loginRequest = new OAuth2LoginAuthenticationToken(this.clientRegistration,
            this.authorizationExchange);
    OAuth2LoginAuthenticationToken result = (OAuth2LoginAuthenticationToken) this.authenticationProvider
            .authenticate(loginRequest);

    // Only the mapped authorities may appear on the authenticated token.
    assertThat(result.getAuthorities()).isEqualTo(expectedAuthorities);
}
use of org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken in project spring-security by spring-projects.
the class OidcAuthorizationCodeAuthenticationProviderTests method authenticateWhenAuthorizationErrorResponseThenThrowOAuth2AuthenticationException.
/**
 * Checks that an authorization response carrying an error ({@code invalid_scope}) makes
 * the OIDC provider fail the login with an {@code OAuth2AuthenticationException} whose
 * message contains that error code, instead of returning an authenticated token.
 */
@Test
public void authenticateWhenAuthorizationErrorResponseThenThrowOAuth2AuthenticationException() {
    // @formatter:off
    OAuth2AuthorizationResponse errorResponse = TestOAuth2AuthorizationResponses.error()
            .errorCode(OAuth2ErrorCodes.INVALID_SCOPE)
            .build();
    // @formatter:on
    // Pair the request prepared by the test class with the error response.
    OAuth2AuthorizationExchange exchange = new OAuth2AuthorizationExchange(this.authorizationRequest,
            errorResponse);
    assertThatExceptionOfType(OAuth2AuthenticationException.class)
            .isThrownBy(() -> this.authenticationProvider
                    .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, exchange)))
            .withMessageContaining(OAuth2ErrorCodes.INVALID_SCOPE);
}
use of org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken in project spring-security by spring-projects.
the class OidcAuthorizationCodeAuthenticationProviderTests method authenticateWhenIdTokenValidationErrorThenThrowOAuth2AuthenticationException.
/**
 * Checks that a failure while decoding the ID Token is fatal to the login: when the
 * {@code JwtDecoder} throws a {@code JwtException}, the provider must raise an
 * {@code OAuth2AuthenticationException} whose message carries the
 * {@code invalid_id_token} error code together with the decoder's message.
 */
@Test
public void authenticateWhenIdTokenValidationErrorThenThrowOAuth2AuthenticationException() {
    // Decoder that rejects every token it is asked to decode.
    JwtDecoder rejectingDecoder = mock(JwtDecoder.class);
    given(rejectingDecoder.decode(anyString())).willThrow(new JwtException("ID Token Validation Error"));
    // The factory hands out the rejecting decoder for any client registration.
    this.authenticationProvider.setJwtDecoderFactory((registration) -> rejectingDecoder);
    assertThatExceptionOfType(OAuth2AuthenticationException.class)
            .isThrownBy(() -> this.authenticationProvider.authenticate(
                    new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange)))
            .withMessageContaining("[invalid_id_token] ID Token Validation Error");
}
use of org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken in project spring-security by spring-projects.
the class OidcAuthorizationCodeAuthenticationProviderTests method authenticateWhenAuthorizationResponseStateNotEqualAuthorizationRequestStateThenThrowOAuth2AuthenticationException.
/**
 * Checks that a response whose {@code state} does not match the request is rejected
 * with an {@code OAuth2AuthenticationException} mentioning
 * {@code invalid_state_parameter}. The state comparison is what ties the callback to
 * the request this client started, so a mismatch must never produce a login.
 */
@Test
public void authenticateWhenAuthorizationResponseStateNotEqualAuthorizationRequestStateThenThrowOAuth2AuthenticationException() {
    // The request in this.authorizationRequest is built outside this method;
    // presumably its state differs from "89012" - confirm against the test setup.
    // @formatter:off
    OAuth2AuthorizationResponse mismatchedResponse = TestOAuth2AuthorizationResponses.success()
            .state("89012")
            .build();
    // @formatter:on
    OAuth2AuthorizationExchange exchange = new OAuth2AuthorizationExchange(this.authorizationRequest,
            mismatchedResponse);
    assertThatExceptionOfType(OAuth2AuthenticationException.class)
            .isThrownBy(() -> this.authenticationProvider
                    .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, exchange)))
            .withMessageContaining("invalid_state_parameter");
}
use of org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken in project spring-security by spring-projects.
the class OAuth2LoginAuthenticationProviderTests method authenticateWhenAuthorizationErrorResponseThenThrowOAuth2AuthenticationException.
/**
 * Checks that an authorization response carrying an error ({@code invalid_request})
 * makes the provider fail with an {@code OAuth2AuthenticationException} whose message
 * contains that error code, rather than completing the login.
 */
@Test
public void authenticateWhenAuthorizationErrorResponseThenThrowOAuth2AuthenticationException() {
    OAuth2AuthorizationResponse errorResponse = TestOAuth2AuthorizationResponses.error()
            .errorCode(OAuth2ErrorCodes.INVALID_REQUEST)
            .build();
    // Pair the request prepared by the test class with the error response.
    OAuth2AuthorizationExchange exchange = new OAuth2AuthorizationExchange(this.authorizationRequest,
            errorResponse);
    assertThatExceptionOfType(OAuth2AuthenticationException.class)
            .isThrownBy(() -> this.authenticationProvider
                    .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, exchange)))
            .withMessageContaining(OAuth2ErrorCodes.INVALID_REQUEST);
}