Examples with OAuth2AuthorizationCodeGrantRequest org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest used on opensource projects

Search in sources :

Example 1 with OAuth2AuthorizationCodeGrantRequest

use of org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest in project spring-security by spring-projects.

the class WebClientReactiveAuthorizationCodeTokenResponseClient method populateTokenRequestBody.

@Override
BodyInserters.FormInserter<String> populateTokenRequestBody(OAuth2AuthorizationCodeGrantRequest grantRequest, BodyInserters.FormInserter<String> body) {
    super.populateTokenRequestBody(grantRequest, body);
    OAuth2AuthorizationExchange authorizationExchange = grantRequest.getAuthorizationExchange();
    OAuth2AuthorizationResponse authorizationResponse = authorizationExchange.getAuthorizationResponse();
    body.with(OAuth2ParameterNames.CODE, authorizationResponse.getCode());
    String redirectUri = authorizationExchange.getAuthorizationRequest().getRedirectUri();
    if (redirectUri != null) {
        body.with(OAuth2ParameterNames.REDIRECT_URI, redirectUri);
    }
    String codeVerifier = authorizationExchange.getAuthorizationRequest().getAttribute(PkceParameterNames.CODE_VERIFIER);
    if (codeVerifier != null) {
        body.with(PkceParameterNames.CODE_VERIFIER, codeVerifier);
    }
    return body;
}
Also used : OAuth2AuthorizationExchange(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange) OAuth2AuthorizationResponse(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse)

Example 2 with OAuth2AuthorizationCodeGrantRequest

use of org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest in project spring-security by spring-projects.

the class OAuth2AuthorizationCodeReactiveAuthenticationManager method authenticate.

@Override
public Mono<Authentication> authenticate(Authentication authentication) {
    return Mono.defer(() -> {
        OAuth2AuthorizationCodeAuthenticationToken token = (OAuth2AuthorizationCodeAuthenticationToken) authentication;
        OAuth2AuthorizationResponse authorizationResponse = token.getAuthorizationExchange().getAuthorizationResponse();
        if (authorizationResponse.statusError()) {
            return Mono.error(new OAuth2AuthorizationException(authorizationResponse.getError()));
        }
        OAuth2AuthorizationRequest authorizationRequest = token.getAuthorizationExchange().getAuthorizationRequest();
        if (!authorizationResponse.getState().equals(authorizationRequest.getState())) {
            OAuth2Error oauth2Error = new OAuth2Error(INVALID_STATE_PARAMETER_ERROR_CODE);
            return Mono.error(new OAuth2AuthorizationException(oauth2Error));
        }
        OAuth2AuthorizationCodeGrantRequest authzRequest = new OAuth2AuthorizationCodeGrantRequest(token.getClientRegistration(), token.getAuthorizationExchange());
        return this.accessTokenResponseClient.getTokenResponse(authzRequest).map(onSuccess(token));
    });
}
Also used : OAuth2AuthorizationException(org.springframework.security.oauth2.core.OAuth2AuthorizationException) OAuth2AuthorizationCodeGrantRequest(org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest) OAuth2Error(org.springframework.security.oauth2.core.OAuth2Error) OAuth2AuthorizationResponse(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest)

Example 3 with OAuth2AuthorizationCodeGrantRequest

use of org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest in project spring-security by spring-projects.

the class DefaultAuthorizationCodeTokenResponseClient method getTokenResponse.

@Override
public OAuth2AccessTokenResponse getTokenResponse(OAuth2AuthorizationCodeGrantRequest authorizationCodeGrantRequest) {
    Assert.notNull(authorizationCodeGrantRequest, "authorizationCodeGrantRequest cannot be null");
    RequestEntity<?> request = this.requestEntityConverter.convert(authorizationCodeGrantRequest);
    ResponseEntity<OAuth2AccessTokenResponse> response = getResponse(request);
    OAuth2AccessTokenResponse tokenResponse = response.getBody();
    if (CollectionUtils.isEmpty(tokenResponse.getAccessToken().getScopes())) {
        // As per spec, in Section 5.1 Successful Access Token Response
        // https://tools.ietf.org/html/rfc6749#section-5.1
        // If AccessTokenResponse.scope is empty, then default to the scope
        // originally requested by the client in the Token Request
        // @formatter:off
        tokenResponse = OAuth2AccessTokenResponse.withResponse(tokenResponse).scopes(authorizationCodeGrantRequest.getClientRegistration().getScopes()).build();
    // @formatter:on
    }
    return tokenResponse;
}
Also used : OAuth2AccessTokenResponse(org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse)

Example 4 with OAuth2AuthorizationCodeGrantRequest

use of org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest in project spring-security by spring-projects.

the class OAuth2LoginTests method oauth2LoginWhenIdTokenValidationFailsThenDefaultRedirectToLogin.

// gh-6484
@Test
public void oauth2LoginWhenIdTokenValidationFailsThenDefaultRedirectToLogin() {
    this.spring.register(OAuth2LoginWithMultipleClientRegistrations.class, OAuth2LoginWithCustomBeansConfig.class).autowire();
    WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
    OAuth2LoginWithCustomBeansConfig config = this.spring.getContext().getBean(OAuth2LoginWithCustomBeansConfig.class);
    // @formatter:off
    OAuth2AuthorizationRequest request = TestOAuth2AuthorizationRequests.request().scope("openid").build();
    OAuth2AuthorizationResponse response = TestOAuth2AuthorizationResponses.success().build();
    // @formatter:on
    OAuth2AuthorizationExchange exchange = new OAuth2AuthorizationExchange(request, response);
    OAuth2AccessToken accessToken = TestOAuth2AccessTokens.scopes("openid");
    OAuth2AuthorizationCodeAuthenticationToken authenticationToken = new OAuth2AuthorizationCodeAuthenticationToken(google, exchange, accessToken);
    ServerAuthenticationConverter converter = config.authenticationConverter;
    given(converter.convert(any())).willReturn(Mono.just(authenticationToken));
    Map<String, Object> additionalParameters = new HashMap<>();
    additionalParameters.put(OidcParameterNames.ID_TOKEN, "id-token");
    // @formatter:off
    OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken(accessToken.getTokenValue()).tokenType(accessToken.getTokenType()).scopes(accessToken.getScopes()).additionalParameters(additionalParameters).build();
    // @formatter:on
    ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> tokenResponseClient = config.tokenResponseClient;
    given(tokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
    ReactiveJwtDecoderFactory<ClientRegistration> jwtDecoderFactory = config.jwtDecoderFactory;
    OAuth2Error oauth2Error = new OAuth2Error("invalid_id_token", "Invalid ID Token", null);
    given(jwtDecoderFactory.createDecoder(any())).willReturn((token) -> Mono.error(new JwtValidationException("ID Token validation failed", Collections.singleton(oauth2Error))));
    // @formatter:off
    webTestClient.get().uri("/login/oauth2/code/google").exchange().expectStatus().is3xxRedirection().expectHeader().valueEquals("Location", "/login?error");
// @formatter:on
}
Also used : OAuth2AccessTokenResponse(org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse) JwtValidationException(org.springframework.security.oauth2.jwt.JwtValidationException) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) HashMap(java.util.HashMap) OAuth2AuthorizationCodeGrantRequest(org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest) OAuth2AuthorizationCodeAuthenticationToken(org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken) OAuth2Error(org.springframework.security.oauth2.core.OAuth2Error) OAuth2AuthorizationResponse(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse) ServerAuthenticationConverter(org.springframework.security.web.server.authentication.ServerAuthenticationConverter) ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration) OAuth2AccessToken(org.springframework.security.oauth2.core.OAuth2AccessToken) OAuth2AuthorizationExchange(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) Test(org.junit.jupiter.api.Test)

Example 5 with OAuth2AuthorizationCodeGrantRequest

use of org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest in project spring-security by spring-projects.

the class WebClientReactiveAuthorizationCodeTokenResponseClientTests method pkceAuthorizationCodeGrantRequest.

private OAuth2AuthorizationCodeGrantRequest pkceAuthorizationCodeGrantRequest() {
    ClientRegistration registration = this.clientRegistration.clientAuthenticationMethod(null).clientSecret(null).build();
    Map<String, Object> attributes = new HashMap<>();
    attributes.put(PkceParameterNames.CODE_VERIFIER, "code-verifier-1234");
    Map<String, Object> additionalParameters = new HashMap<>();
    additionalParameters.put(PkceParameterNames.CODE_CHALLENGE, "code-challenge-1234");
    additionalParameters.put(PkceParameterNames.CODE_CHALLENGE_METHOD, "S256");
    // @formatter:off
    OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode().clientId(registration.getClientId()).state("state").authorizationUri(registration.getProviderDetails().getAuthorizationUri()).redirectUri(registration.getRedirectUri()).scopes(registration.getScopes()).attributes(attributes).additionalParameters(additionalParameters).build();
    OAuth2AuthorizationResponse authorizationResponse = OAuth2AuthorizationResponse.success("code").state("state").redirectUri(registration.getRedirectUri()).build();
    // @formatter:on
    OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse);
    return new OAuth2AuthorizationCodeGrantRequest(registration, authorizationExchange);
}
Also used : ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration) HashMap(java.util.HashMap) OAuth2AuthorizationExchange(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange) OAuth2AuthorizationResponse(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest)

Aggregations

OAuth2AuthorizationExchange (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange)15 OAuth2AuthorizationRequest (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest)14 Test (org.junit.jupiter.api.Test)12 OAuth2AuthorizationResponse (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse)12 ClientRegistration (org.springframework.security.oauth2.client.registration.ClientRegistration)11 OAuth2AccessTokenResponse (org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse)9 OAuth2AuthorizationCodeGrantRequest (org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest)7 OAuth2AccessToken (org.springframework.security.oauth2.core.OAuth2AccessToken)5 OAuth2Error (org.springframework.security.oauth2.core.OAuth2Error)5 HashMap (java.util.HashMap)4 HttpHeaders (org.springframework.http.HttpHeaders)4 OAuth2AuthorizationCodeAuthenticationToken (org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken)4 OAuth2AuthorizationException (org.springframework.security.oauth2.core.OAuth2AuthorizationException)4 MockResponse (okhttp3.mockwebserver.MockResponse)3 MockWebServer (okhttp3.mockwebserver.MockWebServer)3 OidcUserRequest (org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest)3 OidcUser (org.springframework.security.oauth2.core.oidc.user.OidcUser)3 ServerAuthenticationConverter (org.springframework.security.web.server.authentication.ServerAuthenticationConverter)3 WebTestClient (org.springframework.test.web.reactive.server.WebTestClient)3 GrantedAuthoritiesMapper (org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial