Example 31 with OidcUserRequest

Use of org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest in project spring-security by spring-projects.

From the class OidcReactiveOAuth2UserServiceTests, method loadUserWhenCustomClaimTypeConverterFactorySetThenApplied.

@Test
public void loadUserWhenCustomClaimTypeConverterFactorySetThenApplied() {
    // Minimal OAuth2User returned by the mocked delegate user service.
    Map<String, Object> attributes = new HashMap<>();
    attributes.put(StandardClaimNames.SUB, "subject");
    attributes.put("user", "rob");
    OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), attributes, "user");
    given(this.oauth2UserService.loadUser(any())).willReturn(Mono.just(oauth2User));
    OidcUserRequest userRequest = userRequest();
    // Custom factory that must be consulted for the request's ClientRegistration.
    Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> customClaimTypeConverterFactory = mock(Function.class);
    this.userService.setClaimTypeConverterFactory(customClaimTypeConverterFactory);
    given(customClaimTypeConverterFactory.apply(same(userRequest.getClientRegistration())))
            .willReturn(new ClaimTypeConverter(OidcReactiveOAuth2UserService.createDefaultClaimTypeConverters()));
    this.userService.loadUser(userRequest).block().getUserInfo();
    // The factory must have been applied to exactly this client registration.
    verify(customClaimTypeConverterFactory).apply(same(userRequest.getClientRegistration()));
}
Also used: DefaultOAuth2User (org.springframework.security.oauth2.core.user.DefaultOAuth2User), OAuth2User (org.springframework.security.oauth2.core.user.OAuth2User), ClientRegistration (org.springframework.security.oauth2.client.registration.ClientRegistration), HashMap (java.util.HashMap), ClaimTypeConverter (org.springframework.security.oauth2.core.converter.ClaimTypeConverter), Converter (org.springframework.core.convert.converter.Converter), Test (org.junit.jupiter.api.Test)

Example 32 with OidcUserRequest

Use of org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest in project spring-security by spring-projects.

From the class OidcReactiveOAuth2UserServiceTests, method loadUserWhenTokenDoesNotContainScopesThenNoScopeAuthorities.

@Test
public void loadUserWhenTokenDoesNotContainScopesThenNoScopeAuthorities() {
    OidcReactiveOAuth2UserService userService = new OidcReactiveOAuth2UserService();
    // Access token without any scopes: no SCOPE_* authorities should be derived from it.
    OidcUserRequest request = new OidcUserRequest(TestClientRegistrations.clientRegistration().build(), TestOAuth2AccessTokens.noScopes(), TestOidcIdTokens.idToken().build());
    OidcUser user = userService.loadUser(request).block();
    // Only the single OAuth2UserAuthority remains.
    assertThat(user.getAuthorities()).hasSize(1);
    Iterator<? extends GrantedAuthority> authorities = user.getAuthorities().iterator();
    assertThat(authorities.next()).isInstanceOf(OAuth2UserAuthority.class);
}
Also used: OidcUser (org.springframework.security.oauth2.core.oidc.user.OidcUser), Test (org.junit.jupiter.api.Test)

Example 33 with OidcUserRequest

Use of org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest in project dhis2-core by dhis2.

From the class DhisOidcUserService, method loadUser.

@Override
public OidcUser loadUser(OidcUserRequest userRequest) throws OAuth2AuthenticationException {
    ClientRegistration clientRegistration = userRequest.getClientRegistration();
    // The DHIS2-specific registration names which claim maps the OIDC identity to a local user.
    DhisOidcClientRegistration oidcClientRegistration = clientRegistrationRepository.getDhisOidcClientRegistration(clientRegistration.getRegistrationId());
    String mappingClaimKey = oidcClientRegistration.getMappingClaimKey();
    // Standard Spring Security processing (ID token validation, UserInfo retrieval) happens in super.
    OidcUser oidcUser = super.loadUser(userRequest);
    OidcUserInfo userInfo = oidcUser.getUserInfo();
    Map<String, Object> attributes = oidcUser.getAttributes();
    // Prefer the claim from the combined attributes, fall back to the UserInfo response.
    Object claimValue = attributes.get(mappingClaimKey);
    if (claimValue == null && userInfo != null) {
        claimValue = userInfo.getClaim(mappingClaimKey);
    }
    if (log.isDebugEnabled()) {
        log.debug(String.format("Trying to look up DHIS2 user with OidcUser mapping mappingClaimKey='%s', claim value='%s'", mappingClaimKey, claimValue));
    }
    if (claimValue != null) {
        // The cast assumes the mapping claim is a string; a non-string claim would fail here.
        User user = userService.getUserByOpenId((String) claimValue);
        if (user != null) {
            return new DhisOidcUser(user, attributes, IdTokenClaimNames.SUB, oidcUser.getIdToken());
        }
    }
    // Fail closed: no matching local user means authentication is rejected, not auto-provisioned.
    String errorMessage = String.format("Failed to look up DHIS2 user with OidcUser mapping mappingClaimKey='%s', claim value='%s'", mappingClaimKey, claimValue);
    if (log.isDebugEnabled()) {
        log.debug(errorMessage);
    }
    OAuth2Error oauth2Error = new OAuth2Error("could_not_map_oidc_user_to_dhis2_user", errorMessage, null);
    throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
}
Also used: ClientRegistration (org.springframework.security.oauth2.client.registration.ClientRegistration), OidcUser (org.springframework.security.oauth2.core.oidc.user.OidcUser), User (org.hisp.dhis.user.User), OAuth2Error (org.springframework.security.oauth2.core.OAuth2Error), OidcUserInfo (org.springframework.security.oauth2.core.oidc.OidcUserInfo), OAuth2AuthenticationException (org.springframework.security.oauth2.core.OAuth2AuthenticationException)
