use of org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest in project spring-security by spring-projects.
the class OidcReactiveOAuth2UserServiceTests method loadUserWhenCustomClaimTypeConverterFactorySetThenApplied.
/**
 * Checks that a claim type converter factory set on the user service is asked for a converter
 * for the client registration carried by the user request.
 */
@Test
public void loadUserWhenCustomClaimTypeConverterFactorySetThenApplied() {
    // Delegate OAuth2 user service returns a fixed user whose name attribute is "user".
    Map<String, Object> claims = new HashMap<>();
    claims.put(StandardClaimNames.SUB, "subject");
    claims.put("user", "rob");
    OAuth2User delegateUser = new DefaultOAuth2User(
            AuthorityUtils.createAuthorityList("ROLE_USER"), claims, "user");
    given(this.oauth2UserService.loadUser(any())).willReturn(Mono.just(delegateUser));

    OidcUserRequest userRequest = userRequest();
    ClientRegistration registration = userRequest.getClientRegistration();

    // The mocked factory hands back the default converters, so only the factory call itself is under test.
    Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> converterFactory = mock(Function.class);
    this.userService.setClaimTypeConverterFactory(converterFactory);
    ClaimTypeConverter defaultConverter = new ClaimTypeConverter(
            OidcReactiveOAuth2UserService.createDefaultClaimTypeConverters());
    given(converterFactory.apply(same(registration))).willReturn(defaultConverter);

    this.userService.loadUser(userRequest).block().getUserInfo();

    // same(...) matches by identity: the factory must receive the request's own registration instance.
    verify(converterFactory).apply(same(registration));
}
use of org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest in project spring-security by spring-projects.
the class OidcReactiveOAuth2UserServiceTests method loadUserWhenTokenDoesNotContainScopesThenNoScopeAuthorities.
/**
 * Checks that a user loaded with an access token that carries no scopes ends up with exactly
 * one authority, and that this authority is an {@code OAuth2UserAuthority}.
 */
@Test
public void loadUserWhenTokenDoesNotContainScopesThenNoScopeAuthorities() {
    OidcUserRequest request = new OidcUserRequest(
            TestClientRegistrations.clientRegistration().build(),
            TestOAuth2AccessTokens.noScopes(),
            TestOidcIdTokens.idToken().build());
    OidcReactiveOAuth2UserService userService = new OidcReactiveOAuth2UserService();

    OidcUser user = userService.loadUser(request).block();

    // A single authority of this type leaves no room for any scope-derived authority.
    assertThat(user.getAuthorities()).hasSize(1);
    assertThat(user.getAuthorities().iterator().next()).isInstanceOf(OAuth2UserAuthority.class);
}
use of org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest in project dhis2-core by dhis2.
the class DhisOidcUserService method loadUser.
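/**
 * Loads the OIDC user through the parent service and maps it to a DHIS2 user by the mapping
 * claim configured for the request's client registration.
 *
 * <p>The claim is read from the OIDC user's attributes first and, when absent there, from the
 * UserInfo claims. Login fails when the claim is missing, is not a string, or matches no DHIS2
 * user.
 *
 * @param userRequest the OIDC user request holding the client registration and tokens
 * @return a {@code DhisOidcUser} wrapping the matched DHIS2 user, the OIDC attributes and the ID token
 * @throws OAuth2AuthenticationException with error code {@code could_not_map_oidc_user_to_dhis2_user}
 *         when no DHIS2 user can be resolved from the mapping claim
 */
@Override
public OidcUser loadUser(OidcUserRequest userRequest) throws OAuth2AuthenticationException {
    ClientRegistration clientRegistration = userRequest.getClientRegistration();
    // NOTE(review): a null result from the repository would raise a NullPointerException on the
    // next line; whether that can happen for a known registration id is not visible here - confirm.
    DhisOidcClientRegistration oidcClientRegistration = clientRegistrationRepository.getDhisOidcClientRegistration(clientRegistration.getRegistrationId());
    String mappingClaimKey = oidcClientRegistration.getMappingClaimKey();

    OidcUser oidcUser = super.loadUser(userRequest);
    OidcUserInfo userInfo = oidcUser.getUserInfo();
    Map<String, Object> attributes = oidcUser.getAttributes();

    // Fall back to the UserInfo claims only when the attributes carry no value for the key.
    Object claimValue = attributes.get(mappingClaimKey);
    if (claimValue == null && userInfo != null) {
        claimValue = userInfo.getClaim(mappingClaimKey);
    }

    // NOTE(review): the claim value identifies a person and is written to the debug log here and below.
    if (log.isDebugEnabled()) {
        log.debug(String.format("Trying to look up DHIS2 user with OidcUser mapping mappingClaimKey='%s', claim value='%s'", mappingClaimKey, claimValue));
    }

    // The account binding rests entirely on this one claim, so it is only as trustworthy as the
    // provider's control over that claim. Only a String can name a DHIS2 user: a provider that
    // sends a number, list or object must fail the login through the OAuth2 error path below
    // instead of surfacing a ClassCastException.
    if (claimValue instanceof String) {
        User user = userService.getUserByOpenId((String) claimValue);
        if (user != null) {
            return new DhisOidcUser(user, attributes, IdTokenClaimNames.SUB, oidcUser.getIdToken());
        }
    }

    String errorMessage = String.format("Failed to look up DHIS2 user with OidcUser mapping mappingClaimKey='%s', claim value='%s'", mappingClaimKey, claimValue);
    if (log.isDebugEnabled()) {
        log.debug(errorMessage);
    }
    // NOTE(review): the description carries the claim key and value; confirm the authentication
    // failure handler does not echo it back to the browser.
    OAuth2Error oauth2Error = new OAuth2Error("could_not_map_oidc_user_to_dhis2_user", errorMessage, null);
    throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
}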