Example 1 with OidcAuthorizationCodeAuthenticationProvider
use of org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider in project spring-security by spring-projects.
the class OAuth2LoginAuthenticationProvider method authenticate.
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
OAuth2LoginAuthenticationToken loginAuthenticationToken = (OAuth2LoginAuthenticationToken) authentication;
// REQUIRED. OpenID Connect requests MUST contain the "openid" scope value.
if (loginAuthenticationToken.getAuthorizationExchange().getAuthorizationRequest().getScopes().contains("openid")) {
// and let OidcAuthorizationCodeAuthenticationProvider handle it instead
return null;
}
OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthenticationToken;
try {
authorizationCodeAuthenticationToken = (OAuth2AuthorizationCodeAuthenticationToken) this.authorizationCodeAuthenticationProvider.authenticate(new OAuth2AuthorizationCodeAuthenticationToken(loginAuthenticationToken.getClientRegistration(), loginAuthenticationToken.getAuthorizationExchange()));
} catch (OAuth2AuthorizationException ex) {
OAuth2Error oauth2Error = ex.getError();
throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString(), ex);
}
OAuth2AccessToken accessToken = authorizationCodeAuthenticationToken.getAccessToken();
Map<String, Object> additionalParameters = authorizationCodeAuthenticationToken.getAdditionalParameters();
OAuth2User oauth2User = this.userService.loadUser(new OAuth2UserRequest(loginAuthenticationToken.getClientRegistration(), accessToken, additionalParameters));
Collection<? extends GrantedAuthority> mappedAuthorities = this.authoritiesMapper.mapAuthorities(oauth2User.getAuthorities());
OAuth2LoginAuthenticationToken authenticationResult = new OAuth2LoginAuthenticationToken(loginAuthenticationToken.getClientRegistration(), loginAuthenticationToken.getAuthorizationExchange(), oauth2User, mappedAuthorities, accessToken, authorizationCodeAuthenticationToken.getRefreshToken());
authenticationResult.setDetails(loginAuthenticationToken.getDetails());
return authenticationResult;
}
Also used :
OAuth2AuthorizationException(org.springframework.security.oauth2.core.OAuth2AuthorizationException)
OAuth2User(org.springframework.security.oauth2.core.user.OAuth2User)
OAuth2AccessToken(org.springframework.security.oauth2.core.OAuth2AccessToken)
OAuth2Error(org.springframework.security.oauth2.core.OAuth2Error)
OAuth2UserRequest(org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest)
OAuth2AuthenticationException(org.springframework.security.oauth2.core.OAuth2AuthenticationException)
Example 2 with OidcAuthorizationCodeAuthenticationProvider
use of org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider in project spring-security by spring-projects.
the class OidcAuthorizationCodeAuthenticationProviderTests method setUp.
@BeforeEach
@SuppressWarnings("unchecked")
public void setUp() {
this.clientRegistration = TestClientRegistrations.clientRegistration().clientId("client1").build();
Map<String, Object> attributes = new HashMap<>();
Map<String, Object> additionalParameters = new HashMap<>();
try {
String nonce = this.secureKeyGenerator.generateKey();
this.nonceHash = OidcAuthorizationCodeAuthenticationProvider.createHash(nonce);
attributes.put(OidcParameterNames.NONCE, nonce);
additionalParameters.put(OidcParameterNames.NONCE, this.nonceHash);
} catch (NoSuchAlgorithmException ex) {
}
// @formatter:off
this.authorizationRequest = TestOAuth2AuthorizationRequests.request().scope("openid", "profile", "email").attributes(attributes).additionalParameters(additionalParameters).build();
this.authorizationResponse = TestOAuth2AuthorizationResponses.success().build();
// @formatter:on
this.authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest, this.authorizationResponse);
this.accessTokenResponseClient = mock(OAuth2AccessTokenResponseClient.class);
this.accessTokenResponse = this.accessTokenSuccessResponse();
this.userService = mock(OAuth2UserService.class);
this.authenticationProvider = new OidcAuthorizationCodeAuthenticationProvider(this.accessTokenResponseClient, this.userService);
given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(this.accessTokenResponse);
}
Also used :
HashMap(java.util.HashMap)
OAuth2AuthorizationExchange(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange)
OAuth2UserService(org.springframework.security.oauth2.client.userinfo.OAuth2UserService)
ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
OAuth2AccessTokenResponseClient(org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient)
BeforeEach(org.junit.jupiter.api.BeforeEach)
Example 3 with OidcAuthorizationCodeAuthenticationProvider
use of org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider in project spring-security by spring-projects.
the class OAuth2LoginConfigurer method init.
@Override
public void init(B http) throws Exception {
OAuth2LoginAuthenticationFilter authenticationFilter = new OAuth2LoginAuthenticationFilter(OAuth2ClientConfigurerUtils.getClientRegistrationRepository(this.getBuilder()), OAuth2ClientConfigurerUtils.getAuthorizedClientRepository(this.getBuilder()), this.loginProcessingUrl);
this.setAuthenticationFilter(authenticationFilter);
super.loginProcessingUrl(this.loginProcessingUrl);
if (this.loginPage != null) {
// Set custom login page
super.loginPage(this.loginPage);
super.init(http);
} else {
Map<String, String> loginUrlToClientName = this.getLoginLinks();
if (loginUrlToClientName.size() == 1) {
// Setup auto-redirect to provider login page
// when only 1 client is configured
this.updateAuthenticationDefaults();
this.updateAccessDefaults(http);
String providerLoginPage = loginUrlToClientName.keySet().iterator().next();
this.registerAuthenticationEntryPoint(http, this.getLoginEntryPoint(http, providerLoginPage));
} else {
super.init(http);
}
}
OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient = this.tokenEndpointConfig.accessTokenResponseClient;
if (accessTokenResponseClient == null) {
accessTokenResponseClient = new DefaultAuthorizationCodeTokenResponseClient();
}
OAuth2UserService<OAuth2UserRequest, OAuth2User> oauth2UserService = getOAuth2UserService();
OAuth2LoginAuthenticationProvider oauth2LoginAuthenticationProvider = new OAuth2LoginAuthenticationProvider(accessTokenResponseClient, oauth2UserService);
GrantedAuthoritiesMapper userAuthoritiesMapper = this.getGrantedAuthoritiesMapper();
if (userAuthoritiesMapper != null) {
oauth2LoginAuthenticationProvider.setAuthoritiesMapper(userAuthoritiesMapper);
}
http.authenticationProvider(this.postProcess(oauth2LoginAuthenticationProvider));
boolean oidcAuthenticationProviderEnabled = ClassUtils.isPresent("org.springframework.security.oauth2.jwt.JwtDecoder", this.getClass().getClassLoader());
if (oidcAuthenticationProviderEnabled) {
OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService = getOidcUserService();
OidcAuthorizationCodeAuthenticationProvider oidcAuthorizationCodeAuthenticationProvider = new OidcAuthorizationCodeAuthenticationProvider(accessTokenResponseClient, oidcUserService);
JwtDecoderFactory<ClientRegistration> jwtDecoderFactory = this.getJwtDecoderFactoryBean();
if (jwtDecoderFactory != null) {
oidcAuthorizationCodeAuthenticationProvider.setJwtDecoderFactory(jwtDecoderFactory);
}
if (userAuthoritiesMapper != null) {
oidcAuthorizationCodeAuthenticationProvider.setAuthoritiesMapper(userAuthoritiesMapper);
}
http.authenticationProvider(this.postProcess(oidcAuthorizationCodeAuthenticationProvider));
} else {
http.authenticationProvider(new OidcAuthenticationRequestChecker());
}
this.initDefaultLoginFilter(http);
}
Also used :
OAuth2User(org.springframework.security.oauth2.core.user.OAuth2User)
OidcUserRequest(org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest)
OAuth2AuthorizationCodeGrantRequest(org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest)
OAuth2UserRequest(org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest)
OidcAuthorizationCodeAuthenticationProvider(org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider)
GrantedAuthoritiesMapper(org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper)
OidcUser(org.springframework.security.oauth2.core.oidc.user.OidcUser)
ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration)
OAuth2LoginAuthenticationFilter(org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter)
DefaultAuthorizationCodeTokenResponseClient(org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient)
OAuth2LoginAuthenticationProvider(org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider)
Aggregations
OAuth2UserRequest (org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest)2
OAuth2User (org.springframework.security.oauth2.core.user.OAuth2User)2
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1
HashMap (java.util.HashMap)1
BeforeEach (org.junit.jupiter.api.BeforeEach)1
ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString)1
GrantedAuthoritiesMapper (org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper)1
OAuth2LoginAuthenticationProvider (org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider)1
DefaultAuthorizationCodeTokenResponseClient (org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient)1
OAuth2AccessTokenResponseClient (org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient)1
OAuth2AuthorizationCodeGrantRequest (org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest)1
OidcAuthorizationCodeAuthenticationProvider (org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider)1
OidcUserRequest (org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest)1
ClientRegistration (org.springframework.security.oauth2.client.registration.ClientRegistration)1
OAuth2UserService (org.springframework.security.oauth2.client.userinfo.OAuth2UserService)1
OAuth2LoginAuthenticationFilter (org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter)1
OAuth2AccessToken (org.springframework.security.oauth2.core.OAuth2AccessToken)1
OAuth2AuthenticationException (org.springframework.security.oauth2.core.OAuth2AuthenticationException)1
OAuth2AuthorizationException (org.springframework.security.oauth2.core.OAuth2AuthorizationException)1
OAuth2Error (org.springframework.security.oauth2.core.OAuth2Error)1
