Search in sources :

Example 11 with OAuth2AuthorizationContext

use of org.springframework.security.oauth2.client.OAuth2AuthorizationContext in project spring-security by spring-projects.

the class ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests method authorizeWhenClientCredentialsAndTokenExpiredThenReauthorize.

@Test
public void authorizeWhenClientCredentialsAndTokenExpiredThenReauthorize() {
    Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
    Instant expiresAt = issuedAt.plus(Duration.ofMinutes(60));
    OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "access-token-1234", issuedAt, expiresAt);
    OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), accessToken);
    OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
    given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
    // @formatter:off
    OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient).principal(this.principal).build();
    // @formatter:on
    authorizedClient = this.authorizedClientProvider.authorize(authorizationContext).block();
    assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
    assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
    assertThat(authorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
}
Also used : OAuth2AccessTokenResponse(org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse) OAuth2AccessToken(org.springframework.security.oauth2.core.OAuth2AccessToken) Instant(java.time.Instant) Test(org.junit.jupiter.api.Test)

Example 12 with OAuth2AuthorizationContext

use of org.springframework.security.oauth2.client.OAuth2AuthorizationContext in project spring-security by spring-projects.

the class ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests method authorizeWhenClientCredentialsAndTokenNotExpiredButClockSkewForcesExpiryThenReauthorize.

// gh-7511
@Test
public void authorizeWhenClientCredentialsAndTokenNotExpiredButClockSkewForcesExpiryThenReauthorize() {
    Instant now = Instant.now();
    Instant issuedAt = now.minus(Duration.ofMinutes(60));
    Instant expiresAt = now.minus(Duration.ofMinutes(1));
    OAuth2AccessToken expiresInOneMinAccessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "access-token-1234", issuedAt, expiresAt);
    OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), expiresInOneMinAccessToken);
    // Shorten the lifespan of the access token by 90 seconds, which will ultimately
    // force it to expire on the client
    this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(90));
    OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
    given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
    // @formatter:off
    OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient).principal(this.principal).build();
    // @formatter:on
    OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext).block();
    assertThat(reauthorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
    assertThat(reauthorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
    assertThat(reauthorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
}
Also used : OAuth2AccessTokenResponse(org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse) OAuth2AccessToken(org.springframework.security.oauth2.core.OAuth2AccessToken) Instant(java.time.Instant) Test(org.junit.jupiter.api.Test)

Example 13 with OAuth2AuthorizationContext

use of org.springframework.security.oauth2.client.OAuth2AuthorizationContext in project spring-security by spring-projects.

the class ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests method authorizeWhenClientCredentialsAndNotAuthorizedThenAuthorize.

@Test
public void authorizeWhenClientCredentialsAndNotAuthorizedThenAuthorize() {
    OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
    given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
    // @formatter:off
    OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext.withClientRegistration(this.clientRegistration).principal(this.principal).build();
    // @formatter:on
    OAuth2AuthorizedClient authorizedClient = this.authorizedClientProvider.authorize(authorizationContext).block();
    assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
    assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
    assertThat(authorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
}
Also used : OAuth2AccessTokenResponse(org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse) Test(org.junit.jupiter.api.Test)

Example 14 with OAuth2AuthorizationContext

use of org.springframework.security.oauth2.client.OAuth2AuthorizationContext in project spring-security by spring-projects.

the class DelegatingReactiveOAuth2AuthorizedClientProviderTests method authorizeWhenProviderCantAuthorizeThenReturnNull.

@Test
public void authorizeWhenProviderCantAuthorizeThenReturnNull() {
    ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
    OAuth2AuthorizationContext context = OAuth2AuthorizationContext.withClientRegistration(clientRegistration).principal(new TestingAuthenticationToken("principal", "password")).build();
    ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider1 = mock(ReactiveOAuth2AuthorizedClientProvider.class);
    given(authorizedClientProvider1.authorize(any())).willReturn(Mono.empty());
    ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider2 = mock(ReactiveOAuth2AuthorizedClientProvider.class);
    given(authorizedClientProvider2.authorize(any())).willReturn(Mono.empty());
    DelegatingReactiveOAuth2AuthorizedClientProvider delegate = new DelegatingReactiveOAuth2AuthorizedClientProvider(authorizedClientProvider1, authorizedClientProvider2);
    assertThat(delegate.authorize(context).block()).isNull();
}
Also used : ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) Test(org.junit.jupiter.api.Test)

Example 15 with OAuth2AuthorizationContext

use of org.springframework.security.oauth2.client.OAuth2AuthorizationContext in project spring-security by spring-projects.

the class JwtBearerReactiveOAuth2AuthorizedClientProviderTests method authorizeWhenJwtBearerAndTokenExpiredThenReauthorize.

@Test
public void authorizeWhenJwtBearerAndTokenExpiredThenReauthorize() {
    Instant now = Instant.now();
    Instant issuedAt = now.minus(Duration.ofMinutes(60));
    Instant expiresAt = now.minus(Duration.ofMinutes(30));
    OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "access-token-1234", issuedAt, expiresAt);
    OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), accessToken);
    OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
    given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
    // @formatter:off
    OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient).principal(this.principal).build();
    // @formatter:on
    authorizedClient = this.authorizedClientProvider.authorize(authorizationContext).block();
    assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
    assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
    assertThat(authorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
}
Also used : OAuth2AccessTokenResponse(org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse) OAuth2AccessToken(org.springframework.security.oauth2.core.OAuth2AccessToken) Instant(java.time.Instant) Test(org.junit.jupiter.api.Test)

Aggregations

Test (org.junit.jupiter.api.Test)67 OAuth2AccessTokenResponse (org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse)31 ClientRegistration (org.springframework.security.oauth2.client.registration.ClientRegistration)30 Instant (java.time.Instant)21 OAuth2AuthorizationContext (org.springframework.security.oauth2.client.OAuth2AuthorizationContext)21 OAuth2AuthorizeRequest (org.springframework.security.oauth2.client.OAuth2AuthorizeRequest)21 OAuth2Error (org.springframework.security.oauth2.core.OAuth2Error)19 OAuth2AccessToken (org.springframework.security.oauth2.core.OAuth2AccessToken)17 OAuth2AuthorizedClient (org.springframework.security.oauth2.client.OAuth2AuthorizedClient)16 TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)15 Authentication (org.springframework.security.core.Authentication)14 Function (java.util.function.Function)11 ClientAuthorizationException (org.springframework.security.oauth2.client.ClientAuthorizationException)11 Map (java.util.Map)10 OAuth2AuthorizationException (org.springframework.security.oauth2.core.OAuth2AuthorizationException)10 HashMap (java.util.HashMap)9 Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)9 Assertions.assertThatExceptionOfType (org.assertj.core.api.Assertions.assertThatExceptionOfType)9 Assertions.assertThatIllegalArgumentException (org.assertj.core.api.Assertions.assertThatIllegalArgumentException)9 BeforeEach (org.junit.jupiter.api.BeforeEach)9