use of org.springframework.security.oauth2.client.ClientAuthorizationException in project spring-security by spring-projects.
the class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests method reauthorizeWhenErrorCodeDoesNotMatchThenDoNotRemoveAuthorizedClient.
@Test
public void reauthorizeWhenErrorCodeDoesNotMatchThenDoNotRemoveAuthorizedClient() {
ClientAuthorizationException authorizationException = new ClientAuthorizationException(new OAuth2Error("non-matching-error-code", null, null), this.clientRegistration.getRegistrationId());
given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))).willThrow(authorizationException);
// @formatter:off
OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient).principal(this.principal).build();
assertThatExceptionOfType(ClientAuthorizationException.class).isThrownBy(() -> this.authorizedClientManager.authorize(reauthorizeRequest)).isEqualTo(authorizationException);
// @formatter:on
verify(this.authorizationFailureHandler).onAuthorizationFailure(eq(authorizationException), eq(this.principal), any());
verifyNoInteractions(this.authorizedClientService);
}
use of org.springframework.security.oauth2.client.ClientAuthorizationException in project spring-security by spring-projects.
the class DefaultReactiveOAuth2AuthorizedClientManagerTests method authorizeWhenInvalidGrantThenRemoveAuthorizedClient.
@SuppressWarnings("unchecked")
@Test
public void authorizeWhenInvalidGrantThenRemoveAuthorizedClient() {
given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))).willReturn(Mono.just(this.clientRegistration));
OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal).build();
ClientAuthorizationException exception = new ClientAuthorizationException(new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null), this.clientRegistration.getRegistrationId());
given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))).willReturn(Mono.error(exception));
assertThatExceptionOfType(ClientAuthorizationException.class).isThrownBy(() -> this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block()).isEqualTo(exception);
verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture());
verify(this.contextAttributesMapper).apply(eq(authorizeRequest));
OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue();
assertThat(authorizationContext.getClientRegistration()).isEqualTo(this.clientRegistration);
assertThat(authorizationContext.getAuthorizedClient()).isNull();
assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal);
verify(this.authorizedClientRepository).removeAuthorizedClient(eq(this.clientRegistration.getRegistrationId()), eq(this.principal), eq(this.serverWebExchange));
this.removeAuthorizedClientProbe.assertWasSubscribed();
verify(this.authorizedClientRepository, never()).saveAuthorizedClient(any(), any(), any());
}
use of org.springframework.security.oauth2.client.ClientAuthorizationException in project spring-security by spring-projects.
the class ClientCredentialsReactiveOAuth2AuthorizedClientProvider method authorize.
/**
* Attempt to authorize (or re-authorize) the
* {@link OAuth2AuthorizationContext#getClientRegistration() client} in the provided
* {@code context}. Returns an empty {@code Mono} if authorization (or
* re-authorization) is not supported, e.g. the client's
* {@link ClientRegistration#getAuthorizationGrantType() authorization grant type} is
* not {@link AuthorizationGrantType#CLIENT_CREDENTIALS client_credentials} OR the
* {@link OAuth2AuthorizedClient#getAccessToken() access token} is not expired.
* @param context the context that holds authorization-specific state for the client
* @return the {@link OAuth2AuthorizedClient} or an empty {@code Mono} if
* authorization (or re-authorization) is not supported
*/
@Override
public Mono<OAuth2AuthorizedClient> authorize(OAuth2AuthorizationContext context) {
Assert.notNull(context, "context cannot be null");
ClientRegistration clientRegistration = context.getClientRegistration();
if (!AuthorizationGrantType.CLIENT_CREDENTIALS.equals(clientRegistration.getAuthorizationGrantType())) {
return Mono.empty();
}
OAuth2AuthorizedClient authorizedClient = context.getAuthorizedClient();
if (authorizedClient != null && !hasTokenExpired(authorizedClient.getAccessToken())) {
// need for re-authorization
return Mono.empty();
}
// is the same as acquiring a new access token (authorization).
return Mono.just(new OAuth2ClientCredentialsGrantRequest(clientRegistration)).flatMap(this.accessTokenResponseClient::getTokenResponse).onErrorMap(OAuth2AuthorizationException.class, (ex) -> new ClientAuthorizationException(ex.getError(), clientRegistration.getRegistrationId(), ex)).map((tokenResponse) -> new OAuth2AuthorizedClient(clientRegistration, context.getPrincipal().getName(), tokenResponse.getAccessToken()));
}
use of org.springframework.security.oauth2.client.ClientAuthorizationException in project spring-security by spring-projects.
the class DefaultOAuth2AuthorizedClientManagerTests method reauthorizeWhenErrorCodeMatchThenRemoveAuthorizedClient.
@Test
public void reauthorizeWhenErrorCodeMatchThenRemoveAuthorizedClient() {
ClientAuthorizationException authorizationException = new ClientAuthorizationException(new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null), this.clientRegistration.getRegistrationId());
given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))).willThrow(authorizationException);
// @formatter:off
OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient).principal(this.principal).attributes((attrs) -> {
attrs.put(HttpServletRequest.class.getName(), this.request);
attrs.put(HttpServletResponse.class.getName(), this.response);
}).build();
// @formatter:on
assertThatExceptionOfType(ClientAuthorizationException.class).isThrownBy(() -> this.authorizedClientManager.authorize(reauthorizeRequest)).isEqualTo(authorizationException);
verify(this.authorizationFailureHandler).onAuthorizationFailure(eq(authorizationException), eq(this.principal), any());
verify(this.authorizedClientRepository).removeAuthorizedClient(eq(this.clientRegistration.getRegistrationId()), eq(this.principal), eq(this.request), eq(this.response));
}
use of org.springframework.security.oauth2.client.ClientAuthorizationException in project spring-security by spring-projects.
the class DefaultOAuth2AuthorizedClientManagerTests method reauthorizeWhenErrorCodeDoesNotMatchThenDoNotRemoveAuthorizedClient.
@Test
public void reauthorizeWhenErrorCodeDoesNotMatchThenDoNotRemoveAuthorizedClient() {
ClientAuthorizationException authorizationException = new ClientAuthorizationException(new OAuth2Error("non-matching-error-code", null, null), this.clientRegistration.getRegistrationId());
given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))).willThrow(authorizationException);
// @formatter:off
OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient).principal(this.principal).attributes((attrs) -> {
attrs.put(HttpServletRequest.class.getName(), this.request);
attrs.put(HttpServletResponse.class.getName(), this.response);
}).build();
// @formatter:on
assertThatExceptionOfType(ClientAuthorizationException.class).isThrownBy(() -> this.authorizedClientManager.authorize(reauthorizeRequest)).isEqualTo(authorizationException);
verify(this.authorizationFailureHandler).onAuthorizationFailure(eq(authorizationException), eq(this.principal), any());
verifyNoInteractions(this.authorizedClientRepository);
}
Aggregations