Example 6 with OAuth2ClientCredentialsGrantRequest
use of org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequest in project spring-security by spring-projects.
the class NimbusJwtClientAuthenticationParametersConverterTests method convertWhenPrivateKeyJwtClientAuthenticationMethodThenCustomized.
@Test
public void convertWhenPrivateKeyJwtClientAuthenticationMethodThenCustomized() throws Exception {
RSAKey rsaJwk = TestJwks.DEFAULT_RSA_JWK;
given(this.jwkResolver.apply(any())).willReturn(rsaJwk);
// @formatter:off
ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials().clientAuthenticationMethod(ClientAuthenticationMethod.PRIVATE_KEY_JWT).build();
// @formatter:on
OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(clientRegistration);
MultiValueMap<String, String> parameters = this.converter.convert(clientCredentialsGrantRequest);
assertThat(parameters.getFirst(OAuth2ParameterNames.CLIENT_ASSERTION_TYPE)).isEqualTo("urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
String encodedJws = parameters.getFirst(OAuth2ParameterNames.CLIENT_ASSERTION);
assertThat(encodedJws).isNotNull();
NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withPublicKey(rsaJwk.toRSAPublicKey()).build();
Jwt jws = jwtDecoder.decode(encodedJws);
assertThat(jws.getHeaders().get(JoseHeaderNames.ALG)).isEqualTo(SignatureAlgorithm.RS256.getName());
assertThat(jws.getHeaders().get(JoseHeaderNames.KID)).isEqualTo(rsaJwk.getKeyID());
assertThat(jws.<String>getClaim(JwtClaimNames.ISS)).isEqualTo(clientRegistration.getClientId());
assertThat(jws.getSubject()).isEqualTo(clientRegistration.getClientId());
assertThat(jws.getAudience()).isEqualTo(Collections.singletonList(clientRegistration.getProviderDetails().getTokenUri()));
assertThat(jws.getId()).isNotNull();
assertThat(jws.getIssuedAt()).isNotNull();
assertThat(jws.getExpiresAt()).isNotNull();
}
Also used :
RSAKey(com.nimbusds.jose.jwk.RSAKey)
ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration)
NimbusJwtDecoder(org.springframework.security.oauth2.jwt.NimbusJwtDecoder)
Jwt(org.springframework.security.oauth2.jwt.Jwt)
Test(org.junit.jupiter.api.Test)
Example 7 with OAuth2ClientCredentialsGrantRequest
use of org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequest in project spring-security by spring-projects.
the class WebClientReactiveClientCredentialsTokenResponseClientTests method getTokenResponseWhenSuccessCustomResponseThenReturnAccessTokenResponse.
// gh-10260
@Test
public void getTokenResponseWhenSuccessCustomResponseThenReturnAccessTokenResponse() {
enqueueJson("{}");
WebClientReactiveClientCredentialsTokenResponseClient customClient = new WebClientReactiveClientCredentialsTokenResponseClient();
BodyExtractor<Mono<OAuth2AccessTokenResponse>, ReactiveHttpInputMessage> extractor = mock(BodyExtractor.class);
OAuth2AccessTokenResponse response = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
given(extractor.extract(any(), any())).willReturn(Mono.just(response));
customClient.setBodyExtractor(extractor);
OAuth2ClientCredentialsGrantRequest request = new OAuth2ClientCredentialsGrantRequest(this.clientRegistration.build());
OAuth2AccessTokenResponse accessTokenResponse = customClient.getTokenResponse(request).block();
assertThat(accessTokenResponse.getAccessToken()).isNotNull();
}
Also used :
OAuth2AccessTokenResponse(org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse)
Mono(reactor.core.publisher.Mono)
ReactiveHttpInputMessage(org.springframework.http.ReactiveHttpInputMessage)
Test(org.junit.jupiter.api.Test)
Example 8 with OAuth2ClientCredentialsGrantRequest
use of org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequest in project spring-security by spring-projects.
the class DefaultClientCredentialsTokenResponseClientTests method getTokenResponseWhenTokenUriInvalidThenThrowOAuth2AuthorizationException.
@Test
public void getTokenResponseWhenTokenUriInvalidThenThrowOAuth2AuthorizationException() {
String invalidTokenUri = "https://invalid-provider.com/oauth2/token";
ClientRegistration clientRegistration = this.clientRegistration.tokenUri(invalidTokenUri).build();
OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(clientRegistration);
assertThatExceptionOfType(OAuth2AuthorizationException.class).isThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest)).withMessageContaining("[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response");
}
Also used :
ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration)
Test(org.junit.jupiter.api.Test)
Example 9 with OAuth2ClientCredentialsGrantRequest
use of org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequest in project spring-security by spring-projects.
the class NimbusJwtClientAuthenticationParametersConverterTests method convertWhenOtherClientAuthenticationMethodThenNotCustomized.
@Test
public void convertWhenOtherClientAuthenticationMethodThenNotCustomized() {
// @formatter:off
ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials().clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC).build();
// @formatter:on
OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(clientRegistration);
assertThat(this.converter.convert(clientCredentialsGrantRequest)).isNull();
verifyNoInteractions(this.jwkResolver);
}
Also used :
ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration)
Test(org.junit.jupiter.api.Test)
Example 10 with OAuth2ClientCredentialsGrantRequest
use of org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequest in project spring-security by spring-projects.
the class NimbusJwtClientAuthenticationParametersConverterTests method convertWhenClientSecretJwtClientAuthenticationMethodThenCustomized.
@Test
public void convertWhenClientSecretJwtClientAuthenticationMethodThenCustomized() {
OctetSequenceKey secretJwk = TestJwks.DEFAULT_SECRET_JWK;
given(this.jwkResolver.apply(any())).willReturn(secretJwk);
// @formatter:off
ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials().clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_JWT).build();
// @formatter:on
OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(clientRegistration);
MultiValueMap<String, String> parameters = this.converter.convert(clientCredentialsGrantRequest);
assertThat(parameters.getFirst(OAuth2ParameterNames.CLIENT_ASSERTION_TYPE)).isEqualTo("urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
String encodedJws = parameters.getFirst(OAuth2ParameterNames.CLIENT_ASSERTION);
assertThat(encodedJws).isNotNull();
NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withSecretKey(secretJwk.toSecretKey()).build();
Jwt jws = jwtDecoder.decode(encodedJws);
assertThat(jws.getHeaders().get(JoseHeaderNames.ALG)).isEqualTo(MacAlgorithm.HS256.getName());
assertThat(jws.getHeaders().get(JoseHeaderNames.KID)).isEqualTo(secretJwk.getKeyID());
assertThat(jws.<String>getClaim(JwtClaimNames.ISS)).isEqualTo(clientRegistration.getClientId());
assertThat(jws.getSubject()).isEqualTo(clientRegistration.getClientId());
assertThat(jws.getAudience()).isEqualTo(Collections.singletonList(clientRegistration.getProviderDetails().getTokenUri()));
assertThat(jws.getId()).isNotNull();
assertThat(jws.getIssuedAt()).isNotNull();
assertThat(jws.getExpiresAt()).isNotNull();
}
Also used :
ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration)
NimbusJwtDecoder(org.springframework.security.oauth2.jwt.NimbusJwtDecoder)
Jwt(org.springframework.security.oauth2.jwt.Jwt)
OctetSequenceKey(com.nimbusds.jose.jwk.OctetSequenceKey)
Test(org.junit.jupiter.api.Test)
Aggregations
Test (org.junit.jupiter.api.Test)28
ClientRegistration (org.springframework.security.oauth2.client.registration.ClientRegistration)24
OAuth2AccessTokenResponse (org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse)16
RecordedRequest (okhttp3.mockwebserver.RecordedRequest)10
HttpHeaders (org.springframework.http.HttpHeaders)8
OAuth2AuthorizationException (org.springframework.security.oauth2.core.OAuth2AuthorizationException)5
MultiValueMap (org.springframework.util.MultiValueMap)5
JWK (com.nimbusds.jose.jwk.JWK)4
StandardCharsets (java.nio.charset.StandardCharsets)4
Instant (java.time.Instant)4
Function (java.util.function.Function)4
SecretKeySpec (javax.crypto.spec.SecretKeySpec)4
MockResponse (okhttp3.mockwebserver.MockResponse)4
MockWebServer (okhttp3.mockwebserver.MockWebServer)4
Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)4
Assertions.assertThatExceptionOfType (org.assertj.core.api.Assertions.assertThatExceptionOfType)4
Assertions.assertThatIllegalArgumentException (org.assertj.core.api.Assertions.assertThatIllegalArgumentException)4
AfterEach (org.junit.jupiter.api.AfterEach)4
BeforeEach (org.junit.jupiter.api.BeforeEach)4
MediaType (org.springframework.http.MediaType)4
