use of org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest in project spring-security by spring-projects.
the class OidcReactiveOAuth2UserServiceTests method loadUserWhenTokenContainsScopesThenIndividualScopeAuthorities.
@Test
public void loadUserWhenTokenContainsScopesThenIndividualScopeAuthorities() {
OidcReactiveOAuth2UserService userService = new OidcReactiveOAuth2UserService();
OidcUserRequest request = new OidcUserRequest(TestClientRegistrations.clientRegistration().build(), TestOAuth2AccessTokens.scopes("message:read", "message:write"), TestOidcIdTokens.idToken().build());
OidcUser user = userService.loadUser(request).block();
assertThat(user.getAuthorities()).hasSize(3);
Iterator<? extends GrantedAuthority> authorities = user.getAuthorities().iterator();
assertThat(authorities.next()).isInstanceOf(OAuth2UserAuthority.class);
assertThat(authorities.next()).isEqualTo(new SimpleGrantedAuthority("SCOPE_message:read"));
assertThat(authorities.next()).isEqualTo(new SimpleGrantedAuthority("SCOPE_message:write"));
}
use of org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest in project spring-security by spring-projects.
the class OidcUserServiceTests method loadUserWhenNonStandardScopesAuthorizedAndAccessibleScopesEmptyThenUserInfoEndpointRequested.
// gh-6886
@Test
public void loadUserWhenNonStandardScopesAuthorizedAndAccessibleScopesEmptyThenUserInfoEndpointRequested() {
// @formatter:off
String userInfoResponse = "{\n" + " \"sub\": \"subject1\",\n" + " \"name\": \"first last\",\n" + " \"given_name\": \"first\",\n" + " \"family_name\": \"last\",\n" + " \"preferred_username\": \"user1\",\n" + " \"email\": \"user1@example.com\"\n" + "}\n";
// @formatter:on
this.server.enqueue(jsonResponse(userInfoResponse));
String userInfoUri = this.server.url("/user").toString();
ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
this.accessToken = TestOAuth2AccessTokens.scopes("scope1", "scope2");
this.userService.setAccessibleScopes(Collections.emptySet());
OidcUser user = this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
assertThat(user.getUserInfo()).isNotNull();
}
use of org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest in project spring-security by spring-projects.
the class OidcUserServiceTests method loadUserWhenUserInfoSuccessResponseThenReturnUser.
@Test
public void loadUserWhenUserInfoSuccessResponseThenReturnUser() {
// @formatter:off
String userInfoResponse = "{\n" + " \"sub\": \"subject1\",\n" + " \"name\": \"first last\",\n" + " \"given_name\": \"first\",\n" + " \"family_name\": \"last\",\n" + " \"preferred_username\": \"user1\",\n" + " \"email\": \"user1@example.com\"\n" + "}\n";
// @formatter:on
this.server.enqueue(jsonResponse(userInfoResponse));
String userInfoUri = this.server.url("/user").toString();
ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
OidcUser user = this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
assertThat(user.getIdToken()).isNotNull();
assertThat(user.getUserInfo()).isNotNull();
assertThat(user.getUserInfo().getClaims().size()).isEqualTo(6);
assertThat(user.getIdToken()).isEqualTo(this.idToken);
assertThat(user.getName()).isEqualTo("subject1");
assertThat(user.getUserInfo().getSubject()).isEqualTo("subject1");
assertThat(user.getUserInfo().getFullName()).isEqualTo("first last");
assertThat(user.getUserInfo().getGivenName()).isEqualTo("first");
assertThat(user.getUserInfo().getFamilyName()).isEqualTo("last");
assertThat(user.getUserInfo().getPreferredUsername()).isEqualTo("user1");
assertThat(user.getUserInfo().getEmail()).isEqualTo("user1@example.com");
assertThat(user.getAuthorities().size()).isEqualTo(3);
assertThat(user.getAuthorities().iterator().next()).isInstanceOf(OidcUserAuthority.class);
OidcUserAuthority userAuthority = (OidcUserAuthority) user.getAuthorities().iterator().next();
assertThat(userAuthority.getAuthority()).isEqualTo("ROLE_USER");
assertThat(userAuthority.getIdToken()).isEqualTo(user.getIdToken());
assertThat(userAuthority.getUserInfo()).isEqualTo(user.getUserInfo());
}
use of org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest in project spring-security by spring-projects.
the class OidcUserServiceTests method loadUserWhenNonStandardScopesAuthorizedThenUserInfoEndpointNotRequested.
@Test
public void loadUserWhenNonStandardScopesAuthorizedThenUserInfoEndpointNotRequested() {
ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri("https://provider.com/user").build();
this.accessToken = TestOAuth2AccessTokens.scopes("scope1", "scope2");
OidcUser user = this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
assertThat(user.getUserInfo()).isNull();
}
use of org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest in project spring-security by spring-projects.
the class OidcUserServiceTests method loadUserWhenUserInfoSuccessResponseAndUserInfoSubjectNotSameAsIdTokenSubjectThenThrowOAuth2AuthenticationException.
@Test
public void loadUserWhenUserInfoSuccessResponseAndUserInfoSubjectNotSameAsIdTokenSubjectThenThrowOAuth2AuthenticationException() {
String userInfoResponse = "{\n" + " \"sub\": \"other-subject\"\n" + "}\n";
this.server.enqueue(jsonResponse(userInfoResponse));
String userInfoUri = this.server.url("/user").toString();
ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
assertThatExceptionOfType(OAuth2AuthenticationException.class).isThrownBy(() -> this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken))).withMessageContaining("invalid_user_info_response");
}
Aggregations