Examples with OAuth2AuthenticationToken org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken used on opensource projects

Example 36 with OAuth2AuthenticationToken

use of org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken in project spring-security by spring-projects.

the class OAuth2LoginAuthenticationFilter method attemptAuthentication.

@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
    MultiValueMap<String, String> params = OAuth2AuthorizationResponseUtils.toMultiMap(request.getParameterMap());
    if (!OAuth2AuthorizationResponseUtils.isAuthorizationResponse(params)) {
        OAuth2Error oauth2Error = new OAuth2Error(OAuth2ErrorCodes.INVALID_REQUEST);
        throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
    }
    OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestRepository.removeAuthorizationRequest(request, response);
    if (authorizationRequest == null) {
        OAuth2Error oauth2Error = new OAuth2Error(AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE);
        throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
    }
    String registrationId = authorizationRequest.getAttribute(OAuth2ParameterNames.REGISTRATION_ID);
    ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId(registrationId);
    if (clientRegistration == null) {
        OAuth2Error oauth2Error = new OAuth2Error(CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE, "Client Registration not found with Id: " + registrationId, null);
        throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
    }
    // @formatter:off
    String redirectUri = UriComponentsBuilder.fromHttpUrl(UrlUtils.buildFullRequestUrl(request)).replaceQuery(null).build().toUriString();
    // @formatter:on
    OAuth2AuthorizationResponse authorizationResponse = OAuth2AuthorizationResponseUtils.convert(params, redirectUri);
    Object authenticationDetails = this.authenticationDetailsSource.buildDetails(request);
    OAuth2LoginAuthenticationToken authenticationRequest = new OAuth2LoginAuthenticationToken(clientRegistration, new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse));
    authenticationRequest.setDetails(authenticationDetails);
    OAuth2LoginAuthenticationToken authenticationResult = (OAuth2LoginAuthenticationToken) this.getAuthenticationManager().authenticate(authenticationRequest);
    OAuth2AuthenticationToken oauth2Authentication = this.authenticationResultConverter.convert(authenticationResult);
    Assert.notNull(oauth2Authentication, "authentication result cannot be null");
    oauth2Authentication.setDetails(authenticationDetails);
    OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(authenticationResult.getClientRegistration(), oauth2Authentication.getName(), authenticationResult.getAccessToken(), authenticationResult.getRefreshToken());
    this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, oauth2Authentication, request, response);
    return oauth2Authentication;
}

Example 37 with OAuth2AuthenticationToken

use of org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken in project spring-security by spring-projects.

the class OAuth2LoginAuthenticationWebFilter method onAuthenticationSuccess.

@Override
protected Mono<Void> onAuthenticationSuccess(Authentication authentication, WebFilterExchange webFilterExchange) {
    OAuth2LoginAuthenticationToken authenticationResult = (OAuth2LoginAuthenticationToken) authentication;
    OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(authenticationResult.getClientRegistration(), authenticationResult.getName(), authenticationResult.getAccessToken(), authenticationResult.getRefreshToken());
    OAuth2AuthenticationToken result = new OAuth2AuthenticationToken(authenticationResult.getPrincipal(), authenticationResult.getAuthorities(), authenticationResult.getClientRegistration().getRegistrationId());
    // @formatter:off
    return this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, authenticationResult, webFilterExchange.getExchange()).then(super.onAuthenticationSuccess(result, webFilterExchange));
// @formatter:on
}

Example 38 with OAuth2AuthenticationToken

use of org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken in project spring-security by spring-projects.

the class OidcClientInitiatedServerLogoutSuccessHandlerTests method logoutWhenNotOidcUserThenDefaults.

@Test
public void logoutWhenNotOidcUserThenDefaults() {
    OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOAuth2Users.create(), AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
    given(this.exchange.getPrincipal()).willReturn(Mono.just(token));
    WebFilterExchange f = new WebFilterExchange(this.exchange, this.chain);
    this.handler.setLogoutSuccessUrl(URI.create("https://default"));
    this.handler.onLogoutSuccess(f, token).block();
    assertThat(redirectedUrl(this.exchange)).isEqualTo("https://default");
}

Example 39 with OAuth2AuthenticationToken

use of org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken in project spring-security by spring-projects.

the class OidcClientInitiatedServerLogoutSuccessHandlerTests method logoutWhenOidcRedirectUrlConfiguredThenRedirects.

@Test
public void logoutWhenOidcRedirectUrlConfiguredThenRedirects() {
    OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(), AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
    given(this.exchange.getPrincipal()).willReturn(Mono.just(token));
    WebFilterExchange f = new WebFilterExchange(this.exchange, this.chain);
    this.handler.onLogoutSuccess(f, token).block();
    assertThat(redirectedUrl(this.exchange)).isEqualTo("https://endpoint?id_token_hint=id-token");
}

Example 40 with OAuth2AuthenticationToken

use of org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken in project spring-security by spring-projects.

the class OAuth2AuthenticationTokenMixinTests method deserializeWhenMixinRegisteredThenDeserializes.

@Test
public void deserializeWhenMixinRegisteredThenDeserializes() throws Exception {
    // OidcUser
    OAuth2AuthenticationToken expectedAuthentication = TestOAuth2AuthenticationTokens.oidcAuthenticated();
    String json = asJson(expectedAuthentication);
    OAuth2AuthenticationToken authentication = this.mapper.readValue(json, OAuth2AuthenticationToken.class);
    assertThat(authentication.getAuthorities()).containsExactlyElementsOf(expectedAuthentication.getAuthorities());
    assertThat(authentication.getDetails()).isEqualTo(expectedAuthentication.getDetails());
    assertThat(authentication.isAuthenticated()).isEqualTo(expectedAuthentication.isAuthenticated());
    assertThat(authentication.getAuthorizedClientRegistrationId()).isEqualTo(expectedAuthentication.getAuthorizedClientRegistrationId());
    DefaultOidcUser expectedOidcUser = (DefaultOidcUser) expectedAuthentication.getPrincipal();
    DefaultOidcUser oidcUser = (DefaultOidcUser) authentication.getPrincipal();
    assertThat(oidcUser.getAuthorities().containsAll(expectedOidcUser.getAuthorities())).isTrue();
    assertThat(oidcUser.getAttributes()).containsExactlyEntriesOf(expectedOidcUser.getAttributes());
    assertThat(oidcUser.getName()).isEqualTo(expectedOidcUser.getName());
    OidcIdToken expectedIdToken = expectedOidcUser.getIdToken();
    OidcIdToken idToken = oidcUser.getIdToken();
    assertThat(idToken.getTokenValue()).isEqualTo(expectedIdToken.getTokenValue());
    assertThat(idToken.getIssuedAt()).isEqualTo(expectedIdToken.getIssuedAt());
    assertThat(idToken.getExpiresAt()).isEqualTo(expectedIdToken.getExpiresAt());
    assertThat(idToken.getClaims()).containsExactlyEntriesOf(expectedIdToken.getClaims());
    OidcUserInfo expectedUserInfo = expectedOidcUser.getUserInfo();
    OidcUserInfo userInfo = oidcUser.getUserInfo();
    assertThat(userInfo.getClaims()).containsExactlyEntriesOf(expectedUserInfo.getClaims());
    // OAuth2User
    expectedAuthentication = TestOAuth2AuthenticationTokens.authenticated();
    json = asJson(expectedAuthentication);
    authentication = this.mapper.readValue(json, OAuth2AuthenticationToken.class);
    assertThat(authentication.getAuthorities()).containsExactlyElementsOf(expectedAuthentication.getAuthorities());
    assertThat(authentication.getDetails()).isEqualTo(expectedAuthentication.getDetails());
    assertThat(authentication.isAuthenticated()).isEqualTo(expectedAuthentication.isAuthenticated());
    assertThat(authentication.getAuthorizedClientRegistrationId()).isEqualTo(expectedAuthentication.getAuthorizedClientRegistrationId());
    DefaultOAuth2User expectedOauth2User = (DefaultOAuth2User) expectedAuthentication.getPrincipal();
    DefaultOAuth2User oauth2User = (DefaultOAuth2User) authentication.getPrincipal();
    assertThat(oauth2User.getAuthorities().containsAll(expectedOauth2User.getAuthorities())).isTrue();
    assertThat(oauth2User.getAttributes()).containsExactlyEntriesOf(expectedOauth2User.getAttributes());
    assertThat(oauth2User.getName()).isEqualTo(expectedOauth2User.getName());
}