Example 11 with OidcUserRequest

Use of org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest in project spring-security by spring-projects.

From class OidcUserServiceTests, method loadUserWhenUserInfoSuccessResponseThenAcceptHeaderJson.

// gh-5294
@Test
public void loadUserWhenUserInfoSuccessResponseThenAcceptHeaderJson() throws Exception {
    // @formatter:off
    String userInfoResponse = "{\n"
            + "   \"sub\": \"subject1\",\n"
            + "   \"name\": \"first last\",\n"
            + "   \"given_name\": \"first\",\n"
            + "   \"family_name\": \"last\",\n"
            + "   \"preferred_username\": \"user1\",\n"
            + "   \"email\": \"user1@example.com\"\n"
            + "}\n";
    // @formatter:on
    this.server.enqueue(jsonResponse(userInfoResponse));
    String userInfoUri = this.server.url("/user").toString();
    ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
    this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
    assertThat(this.server.takeRequest(1, TimeUnit.SECONDS).getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_VALUE);
}

Also used: ClientRegistration (org.springframework.security.oauth2.client.registration.ClientRegistration), Test (org.junit.jupiter.api.Test)

Example 12 with OidcUserRequest

Use of org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest in project spring-security by spring-projects.

From class OidcUserServiceTests, method loadUserWhenServerErrorThenThrowOAuth2AuthenticationException.

@Test
public void loadUserWhenServerErrorThenThrowOAuth2AuthenticationException() {
    this.server.enqueue(new MockResponse().setResponseCode(500));
    String userInfoUri = this.server.url("/user").toString();
    ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
    assertThatExceptionOfType(OAuth2AuthenticationException.class)
            .isThrownBy(() -> this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken)))
            .withMessageContaining("[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource: 500 Server Error");
}

Also used: MockResponse (okhttp3.mockwebserver.MockResponse), ClientRegistration (org.springframework.security.oauth2.client.registration.ClientRegistration), Test (org.junit.jupiter.api.Test)

Example 13 with OidcUserRequest

Use of org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest in project spring-security by spring-projects.

From class OidcUserServiceTests, method loadUserWhenAuthenticationMethodHeaderSuccessResponseThenHttpMethodGet.

// gh-5500
@Test
public void loadUserWhenAuthenticationMethodHeaderSuccessResponseThenHttpMethodGet() throws Exception {
    // @formatter:off
    String userInfoResponse = "{\n"
            + "   \"sub\": \"subject1\",\n"
            + "   \"name\": \"first last\",\n"
            + "   \"given_name\": \"first\",\n"
            + "   \"family_name\": \"last\",\n"
            + "   \"preferred_username\": \"user1\",\n"
            + "   \"email\": \"user1@example.com\"\n"
            + "}\n";
    // @formatter:on
    this.server.enqueue(jsonResponse(userInfoResponse));
    String userInfoUri = this.server.url("/user").toString();
    ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
    this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
    RecordedRequest request = this.server.takeRequest();
    assertThat(request.getMethod()).isEqualTo(HttpMethod.GET.name());
    assertThat(request.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_VALUE);
    assertThat(request.getHeader(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer " + this.accessToken.getTokenValue());
}

Also used: RecordedRequest (okhttp3.mockwebserver.RecordedRequest), ClientRegistration (org.springframework.security.oauth2.client.registration.ClientRegistration), Test (org.junit.jupiter.api.Test)

Example 14 with OidcUserRequest

Use of org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest in project spring-security by spring-projects.

From class OidcUserServiceTests, method loadUserWhenUserInfoSuccessResponseAndUserInfoSubjectIsNullThenThrowOAuth2AuthenticationException.

// gh-5447
@Test
public void loadUserWhenUserInfoSuccessResponseAndUserInfoSubjectIsNullThenThrowOAuth2AuthenticationException() {
    // @formatter:off
    String userInfoResponse = "{\n"
            + "   \"email\": \"full_name@provider.com\",\n"
            + "   \"name\": \"full name\"\n"
            + "}\n";
    // @formatter:on
    this.server.enqueue(jsonResponse(userInfoResponse));
    String userInfoUri = this.server.url("/user").toString();
    ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).userNameAttributeName(StandardClaimNames.EMAIL).build();
    assertThatExceptionOfType(OAuth2AuthenticationException.class)
            .isThrownBy(() -> this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken)))
            .withMessageContaining("invalid_user_info_response");
}

Also used: ClientRegistration (org.springframework.security.oauth2.client.registration.ClientRegistration), Test (org.junit.jupiter.api.Test)

Example 15 with OidcUserRequest

Use of org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest in project spring-security by spring-projects.

From class OidcUserServiceTests, method loadUserWhenStandardScopesAuthorizedThenUserInfoEndpointRequested.

// gh-6886
@Test
public void loadUserWhenStandardScopesAuthorizedThenUserInfoEndpointRequested() {
    // @formatter:off
    String userInfoResponse = "{\n" + "	\"sub\": \"subject1\",\n" + "   \"name\": \"first last\",\n" + "   \"given_name\": \"first\",\n" + "   \"family_name\": \"last\",\n" + "   \"preferred_username\": \"user1\",\n" + "   \"email\": \"user1@example.com\"\n" + "}\n";
    // @formatter:on
    this.server.enqueue(jsonResponse(userInfoResponse));
    String userInfoUri = this.server.url("/user").toString();
    ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
    OidcUser user = this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
    assertThat(user.getUserInfo()).isNotNull();
}

Also used: ClientRegistration (org.springframework.security.oauth2.client.registration.ClientRegistration), OidcUser (org.springframework.security.oauth2.core.oidc.user.OidcUser), Test (org.junit.jupiter.api.Test)

Aggregations

Test (org.junit.jupiter.api.Test) 25
ClientRegistration (org.springframework.security.oauth2.client.registration.ClientRegistration) 23
OidcUser (org.springframework.security.oauth2.core.oidc.user.OidcUser) 20
OidcUserRequest (org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest) 8
OAuth2AccessToken (org.springframework.security.oauth2.core.OAuth2AccessToken) 7
OAuth2AuthenticationException (org.springframework.security.oauth2.core.OAuth2AuthenticationException) 7
GrantedAuthority (org.springframework.security.core.GrantedAuthority) 6
OAuth2AccessTokenResponse (org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse) 6
OAuth2AuthorizationRequest (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) 6
OAuth2AuthorizationResponse (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse) 6
HashMap (java.util.HashMap) 5
OAuth2LoginAuthenticationToken (org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken) 5
OAuth2AuthorizationCodeGrantRequest (org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest) 5
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException) 4
Base64 (java.util.Base64) 4
Map (java.util.Map) 4
GrantedAuthoritiesMapper (org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper) 4
OAuth2User (org.springframework.security.oauth2.core.user.OAuth2User) 4
Arrays (java.util.Arrays) 3
Collections (java.util.Collections) 3