Example 21 with OidcUserRequest
use of org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest in project spring-security by spring-projects.
the class OidcUserServiceTests method loadUserWhenUserInfoSuccessResponseInvalidThenThrowOAuth2AuthenticationException.
@Test
public void loadUserWhenUserInfoSuccessResponseInvalidThenThrowOAuth2AuthenticationException() {
// @formatter:off
String userInfoResponse = "{\n" + " \"sub\": \"subject1\",\n" + " \"name\": \"first last\",\n" + " \"given_name\": \"first\",\n" + " \"family_name\": \"last\",\n" + " \"preferred_username\": \"user1\",\n" + " \"email\": \"user1@example.com\"\n";
// "}\n"; // Make the JSON invalid/malformed
// @formatter:on
this.server.enqueue(jsonResponse(userInfoResponse));
String userInfoUri = this.server.url("/user").toString();
ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
assertThatExceptionOfType(OAuth2AuthenticationException.class).isThrownBy(() -> this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken))).withMessageContaining("[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource");
}
Also used :
ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration)
Test(org.junit.jupiter.api.Test)
Example 22 with OidcUserRequest
use of org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest in project spring-security by spring-projects.
the class OidcUserServiceTests method loadUserWhenAuthenticationMethodFormSuccessResponseThenHttpMethodPost.
// gh-5500
@Test
public void loadUserWhenAuthenticationMethodFormSuccessResponseThenHttpMethodPost() throws Exception {
// @formatter:off
String userInfoResponse = "{\n" + " \"sub\": \"subject1\",\n" + " \"name\": \"first last\",\n" + " \"given_name\": \"first\",\n" + " \"family_name\": \"last\",\n" + " \"preferred_username\": \"user1\",\n" + " \"email\": \"user1@example.com\"\n" + "}\n";
// @formatter:on
this.server.enqueue(jsonResponse(userInfoResponse));
String userInfoUri = this.server.url("/user").toString();
ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).userInfoAuthenticationMethod(AuthenticationMethod.FORM).build();
this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
RecordedRequest request = this.server.takeRequest();
assertThat(request.getMethod()).isEqualTo(HttpMethod.POST.name());
assertThat(request.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_VALUE);
assertThat(request.getHeader(HttpHeaders.CONTENT_TYPE)).contains(MediaType.APPLICATION_FORM_URLENCODED_VALUE);
assertThat(request.getBody().readUtf8()).isEqualTo("access_token=" + this.accessToken.getTokenValue());
}
Also used :
RecordedRequest(okhttp3.mockwebserver.RecordedRequest)
ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration)
Test(org.junit.jupiter.api.Test)
Example 23 with OidcUserRequest
use of org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest in project spring-security by spring-projects.
the class OidcUserServiceTests method loadUserWhenCustomUserNameAttributeNameThenGetNameReturnsCustomUserName.
@Test
public void loadUserWhenCustomUserNameAttributeNameThenGetNameReturnsCustomUserName() {
// @formatter:off
String userInfoResponse = "{\n" + " \"sub\": \"subject1\",\n" + " \"name\": \"first last\",\n" + " \"given_name\": \"first\",\n" + " \"family_name\": \"last\",\n" + " \"preferred_username\": \"user1\",\n" + " \"email\": \"user1@example.com\"\n" + "}\n";
// @formatter:on
this.server.enqueue(jsonResponse(userInfoResponse));
String userInfoUri = this.server.url("/user").toString();
ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).userNameAttributeName(StandardClaimNames.EMAIL).build();
OidcUser user = this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
assertThat(user.getName()).isEqualTo("user1@example.com");
}
Also used :
ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration)
OidcUser(org.springframework.security.oauth2.core.oidc.user.OidcUser)
Test(org.junit.jupiter.api.Test)
Example 24 with OidcUserRequest
use of org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest in project spring-security by spring-projects.
the class OidcUserServiceTests method loadUserWhenTokenDoesNotContainScopesThenNoScopeAuthorities.
@Test
public void loadUserWhenTokenDoesNotContainScopesThenNoScopeAuthorities() {
OidcUserService userService = new OidcUserService();
OidcUserRequest request = new OidcUserRequest(TestClientRegistrations.clientRegistration().build(), TestOAuth2AccessTokens.noScopes(), TestOidcIdTokens.idToken().build());
OidcUser user = userService.loadUser(request);
assertThat(user.getAuthorities()).hasSize(1);
Iterator<? extends GrantedAuthority> authorities = user.getAuthorities().iterator();
assertThat(authorities.next()).isInstanceOf(OidcUserAuthority.class);
}Example 25 with OidcUserRequest
use of org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest in project spring-security by spring-projects.
the class OidcUserServiceTests method loadUserWhenUserInfoUriIsNullThenUserInfoEndpointNotRequested.
@Test
public void loadUserWhenUserInfoUriIsNullThenUserInfoEndpointNotRequested() {
OidcUser user = this.userService.loadUser(new OidcUserRequest(this.clientRegistrationBuilder.build(), this.accessToken, this.idToken));
assertThat(user.getUserInfo()).isNull();
}Aggregations
Test (org.junit.jupiter.api.Test)25
ClientRegistration (org.springframework.security.oauth2.client.registration.ClientRegistration)23
OidcUser (org.springframework.security.oauth2.core.oidc.user.OidcUser)20
OidcUserRequest (org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest)8
OAuth2AccessToken (org.springframework.security.oauth2.core.OAuth2AccessToken)7
OAuth2AuthenticationException (org.springframework.security.oauth2.core.OAuth2AuthenticationException)7
GrantedAuthority (org.springframework.security.core.GrantedAuthority)6
OAuth2AccessTokenResponse (org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse)6
OAuth2AuthorizationRequest (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest)6
OAuth2AuthorizationResponse (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse)6
HashMap (java.util.HashMap)5
OAuth2LoginAuthenticationToken (org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken)5
OAuth2AuthorizationCodeGrantRequest (org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest)5
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)4
Base64 (java.util.Base64)4
Map (java.util.Map)4
GrantedAuthoritiesMapper (org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper)4
OAuth2User (org.springframework.security.oauth2.core.user.OAuth2User)4
Arrays (java.util.Arrays)3
Collections (java.util.Collections)3
