Example 16 with OAuth2AuthorizationCodeAuthenticationToken

use of org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken in project spring-security by spring-projects.

the class OAuth2AuthorizationCodeAuthenticationProviderTests method authenticateWhenAuthorizationResponseStateNotEqualAuthorizationRequestStateThenThrowOAuth2AuthorizationException.

@Test
public void authenticateWhenAuthorizationResponseStateNotEqualAuthorizationRequestStateThenThrowOAuth2AuthorizationException() {
    // The response carries state "67890", which does not match the state held in this.authorizationRequest.
    OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.success().state("67890").build();
    OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest, authorizationResponse);
    // The provider must reject the mismatched exchange with invalid_state_parameter.
    assertThatExceptionOfType(OAuth2AuthorizationException.class).isThrownBy(() -> this.authenticationProvider.authenticate(new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange))).withMessageContaining("invalid_state_parameter");
}
Also used : OAuth2AuthorizationExchange(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange) OAuth2AuthorizationResponse(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse) Test(org.junit.jupiter.api.Test)

Example 17 with OAuth2AuthorizationCodeAuthenticationToken

use of org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken in project spring-security by spring-projects.

the class OAuth2AuthorizationCodeAuthenticationProviderTests method authenticateWhenAuthorizationErrorResponseThenThrowOAuth2AuthorizationException.

@Test
public void authenticateWhenAuthorizationErrorResponseThenThrowOAuth2AuthorizationException() {
    // Build an authorization error response with error code invalid_request.
    OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.error().errorCode(OAuth2ErrorCodes.INVALID_REQUEST).build();
    OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest, authorizationResponse);
    // The provider must surface the error as an OAuth2AuthorizationException whose message contains the same error code.
    assertThatExceptionOfType(OAuth2AuthorizationException.class).isThrownBy(() -> this.authenticationProvider.authenticate(new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange))).withMessageContaining(OAuth2ErrorCodes.INVALID_REQUEST);
}
Also used : OAuth2AuthorizationExchange(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange) OAuth2AuthorizationResponse(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse) Test(org.junit.jupiter.api.Test)

Example 18 with OAuth2AuthorizationCodeAuthenticationToken

use of org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken in project spring-security by spring-projects.

the class OAuth2AuthorizationCodeAuthenticationProviderTests method authenticateWhenAuthorizationSuccessResponseThenAdditionalParametersIncluded.

// gh-5368
@Test
public void authenticateWhenAuthorizationSuccessResponseThenAdditionalParametersIncluded() {
    Map<String, Object> additionalParameters = new HashMap<>();
    additionalParameters.put("param1", "value1");
    additionalParameters.put("param2", "value2");
    OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().additionalParameters(additionalParameters).build();
    given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
    OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest, TestOAuth2AuthorizationResponses.success().build());
    OAuth2AuthorizationCodeAuthenticationToken authentication = (OAuth2AuthorizationCodeAuthenticationToken) this.authenticationProvider.authenticate(new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange));
    assertThat(authentication.getAdditionalParameters()).containsAllEntriesOf(accessTokenResponse.getAdditionalParameters());
}
Also used : OAuth2AccessTokenResponse(org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse) HashMap(java.util.HashMap) OAuth2AuthorizationExchange(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange) Test(org.junit.jupiter.api.Test)

Example 19 with OAuth2AuthorizationCodeAuthenticationToken

use of org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken in project spring-security by spring-projects.

the class OAuth2AuthorizationCodeAuthenticationProviderTests method authenticateWhenAuthorizationSuccessResponseThenExchangedForAccessToken.

@Test
public void authenticateWhenAuthorizationSuccessResponseThenExchangedForAccessToken() {
    OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().refreshToken("refresh").build();
    given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
    OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest, TestOAuth2AuthorizationResponses.success().build());
    OAuth2AuthorizationCodeAuthenticationToken authenticationResult = (OAuth2AuthorizationCodeAuthenticationToken) this.authenticationProvider.authenticate(new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange));
    assertThat(authenticationResult.isAuthenticated()).isTrue();
    assertThat(authenticationResult.getPrincipal()).isEqualTo(this.clientRegistration.getClientId());
    assertThat(authenticationResult.getCredentials()).isEqualTo(accessTokenResponse.getAccessToken().getTokenValue());
    assertThat(authenticationResult.getAuthorities()).isEqualTo(Collections.emptyList());
    assertThat(authenticationResult.getClientRegistration()).isEqualTo(this.clientRegistration);
    assertThat(authenticationResult.getAuthorizationExchange()).isEqualTo(authorizationExchange);
    assertThat(authenticationResult.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
    assertThat(authenticationResult.getRefreshToken()).isEqualTo(accessTokenResponse.getRefreshToken());
}
Also used : OAuth2AccessTokenResponse(org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse) OAuth2AuthorizationExchange(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange) Test(org.junit.jupiter.api.Test)

Example 20 with OAuth2AuthorizationCodeAuthenticationToken

use of org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken in project spring-security by spring-projects.

the class OAuth2AuthorizationCodeReactiveAuthenticationManagerTests method authenticate.

private OAuth2AuthorizationCodeAuthenticationToken authenticate() {
    OAuth2AuthorizationExchange exchange = new OAuth2AuthorizationExchange(this.authorizationRequest.build(), this.authorizationResponse.build());
    OAuth2AuthorizationCodeAuthenticationToken token = new OAuth2AuthorizationCodeAuthenticationToken(this.registration.build(), exchange);
    return (OAuth2AuthorizationCodeAuthenticationToken) this.manager.authenticate(token).block();
}
Also used : OAuth2AuthorizationExchange(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange)

Aggregations

OAuth2AuthorizationResponse (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse) 23
OAuth2AuthorizationExchange (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange) 22
OAuth2AuthorizationCodeAuthenticationToken (org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken) 19
OAuth2AuthorizationRequest (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) 19
Test (org.junit.jupiter.api.Test) 16
ClientRegistration (org.springframework.security.oauth2.client.registration.ClientRegistration) 16
OAuth2AccessToken (org.springframework.security.oauth2.core.OAuth2AccessToken) 16
OAuth2AuthorizationCodeGrantRequest (org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest) 13
OAuth2AccessTokenResponse (org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse) 13
OAuth2AuthenticationException (org.springframework.security.oauth2.core.OAuth2AuthenticationException) 12
Authentication (org.springframework.security.core.Authentication) 11
Mono (reactor.core.publisher.Mono) 11
HashMap (java.util.HashMap) 10
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException) 9
Map (java.util.Map) 9
OAuth2Error (org.springframework.security.oauth2.core.OAuth2Error) 9
Base64 (java.util.Base64) 8
ExtendWith (org.junit.jupiter.api.extension.ExtendWith) 8
ArgumentMatchers.any (org.mockito.ArgumentMatchers.any) 8
BDDMockito.given (org.mockito.BDDMockito.given) 8