use of org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken in project spring-security by spring-projects.
the class OAuth2AuthorizationCodeAuthenticationProviderTests method authenticateWhenAuthorizationResponseStateNotEqualAuthorizationRequestStateThenThrowOAuth2AuthorizationException.
@Test
public void authenticateWhenAuthorizationResponseStateNotEqualAuthorizationRequestStateThenThrowOAuth2AuthorizationException() {
OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.success().state("67890").build();
OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest, authorizationResponse);
assertThatExceptionOfType(OAuth2AuthorizationException.class).isThrownBy(() -> this.authenticationProvider.authenticate(new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange))).withMessageContaining("invalid_state_parameter");
}
use of org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken in project spring-security by spring-projects.
the class OAuth2AuthorizationCodeAuthenticationProviderTests method authenticateWhenAuthorizationErrorResponseThenThrowOAuth2AuthorizationException.
@Test
public void authenticateWhenAuthorizationErrorResponseThenThrowOAuth2AuthorizationException() {
OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.error().errorCode(OAuth2ErrorCodes.INVALID_REQUEST).build();
OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest, authorizationResponse);
assertThatExceptionOfType(OAuth2AuthorizationException.class).isThrownBy(() -> this.authenticationProvider.authenticate(new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange))).withMessageContaining(OAuth2ErrorCodes.INVALID_REQUEST);
}
use of org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken in project spring-security by spring-projects.
the class OAuth2AuthorizationCodeAuthenticationProviderTests method authenticateWhenAuthorizationSuccessResponseThenAdditionalParametersIncluded.
// gh-5368
@Test
public void authenticateWhenAuthorizationSuccessResponseThenAdditionalParametersIncluded() {
Map<String, Object> additionalParameters = new HashMap<>();
additionalParameters.put("param1", "value1");
additionalParameters.put("param2", "value2");
OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().additionalParameters(additionalParameters).build();
given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest, TestOAuth2AuthorizationResponses.success().build());
OAuth2AuthorizationCodeAuthenticationToken authentication = (OAuth2AuthorizationCodeAuthenticationToken) this.authenticationProvider.authenticate(new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange));
assertThat(authentication.getAdditionalParameters()).containsAllEntriesOf(accessTokenResponse.getAdditionalParameters());
}
use of org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken in project spring-security by spring-projects.
the class OAuth2AuthorizationCodeAuthenticationProviderTests method authenticateWhenAuthorizationSuccessResponseThenExchangedForAccessToken.
@Test
public void authenticateWhenAuthorizationSuccessResponseThenExchangedForAccessToken() {
OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().refreshToken("refresh").build();
given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest, TestOAuth2AuthorizationResponses.success().build());
OAuth2AuthorizationCodeAuthenticationToken authenticationResult = (OAuth2AuthorizationCodeAuthenticationToken) this.authenticationProvider.authenticate(new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange));
assertThat(authenticationResult.isAuthenticated()).isTrue();
assertThat(authenticationResult.getPrincipal()).isEqualTo(this.clientRegistration.getClientId());
assertThat(authenticationResult.getCredentials()).isEqualTo(accessTokenResponse.getAccessToken().getTokenValue());
assertThat(authenticationResult.getAuthorities()).isEqualTo(Collections.emptyList());
assertThat(authenticationResult.getClientRegistration()).isEqualTo(this.clientRegistration);
assertThat(authenticationResult.getAuthorizationExchange()).isEqualTo(authorizationExchange);
assertThat(authenticationResult.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
assertThat(authenticationResult.getRefreshToken()).isEqualTo(accessTokenResponse.getRefreshToken());
}
use of org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken in project spring-security by spring-projects.
the class OAuth2AuthorizationCodeReactiveAuthenticationManagerTests method authenticate.
private OAuth2AuthorizationCodeAuthenticationToken authenticate() {
OAuth2AuthorizationExchange exchange = new OAuth2AuthorizationExchange(this.authorizationRequest.build(), this.authorizationResponse.build());
OAuth2AuthorizationCodeAuthenticationToken token = new OAuth2AuthorizationCodeAuthenticationToken(this.registration.build(), exchange);
return (OAuth2AuthorizationCodeAuthenticationToken) this.manager.authenticate(token).block();
}
Aggregations