
Example 1 with OAuth2UserRequest

use of org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest in project spring-security by spring-projects.

From class OAuth2LoginAuthenticationProvider, method authenticate:

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    OAuth2LoginAuthenticationToken loginAuthenticationToken = (OAuth2LoginAuthenticationToken) authentication;
    // Section 3.1.2.1 Authentication Request
    // https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
    // scope: REQUIRED. OpenID Connect requests MUST contain the "openid" scope value.
    if (loginAuthenticationToken.getAuthorizationExchange().getAuthorizationRequest().getScopes().contains("openid")) {
        // This is an OpenID Connect Authentication Request, so return null
        // and let OidcAuthorizationCodeAuthenticationProvider handle it instead
        return null;
    }
    // Exchange the authorization code at the token endpoint. Any error from that
    // exchange is rethrown as an OAuth2AuthenticationException so the login fails closed.
    OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthenticationToken;
    try {
        authorizationCodeAuthenticationToken = (OAuth2AuthorizationCodeAuthenticationToken) this.authorizationCodeAuthenticationProvider
                .authenticate(new OAuth2AuthorizationCodeAuthenticationToken(
                        loginAuthenticationToken.getClientRegistration(),
                        loginAuthenticationToken.getAuthorizationExchange()));
    }
    catch (OAuth2AuthorizationException ex) {
        OAuth2Error oauth2Error = ex.getError();
        throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString(), ex);
    }
    OAuth2AccessToken accessToken = authorizationCodeAuthenticationToken.getAccessToken();
    Map<String, Object> additionalParameters = authorizationCodeAuthenticationToken.getAdditionalParameters();
    // Resolve the end user from the UserInfo endpoint with the freshly issued access token.
    // OAuth2UserRequest carries the ClientRegistration, the token and any extra token-response parameters.
    OAuth2User oauth2User = this.userService.loadUser(
            new OAuth2UserRequest(loginAuthenticationToken.getClientRegistration(), accessToken, additionalParameters));
    // Provider-supplied authorities are mapped to application authorities before the
    // authenticated token is built; this is the hook for restricting what a login grants.
    Collection<? extends GrantedAuthority> mappedAuthorities = this.authoritiesMapper.mapAuthorities(oauth2User.getAuthorities());
    OAuth2LoginAuthenticationToken authenticationResult = new OAuth2LoginAuthenticationToken(
            loginAuthenticationToken.getClientRegistration(),
            loginAuthenticationToken.getAuthorizationExchange(),
            oauth2User, mappedAuthorities, accessToken,
            authorizationCodeAuthenticationToken.getRefreshToken());
    authenticationResult.setDetails(loginAuthenticationToken.getDetails());
    return authenticationResult;
}
Also used : OAuth2AuthorizationException(org.springframework.security.oauth2.core.OAuth2AuthorizationException) OAuth2User(org.springframework.security.oauth2.core.user.OAuth2User) OAuth2AccessToken(org.springframework.security.oauth2.core.OAuth2AccessToken) OAuth2Error(org.springframework.security.oauth2.core.OAuth2Error) OAuth2UserRequest(org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest) OAuth2AuthenticationException(org.springframework.security.oauth2.core.OAuth2AuthenticationException)

Example 2 with OAuth2UserRequest

use of org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest in project spring-security by spring-projects.

From class DefaultOAuth2UserServiceTests, method loadUserWhenUserInfoSuccessResponseInvalidThenThrowOAuth2AuthenticationException:

@Test
public void loadUserWhenUserInfoSuccessResponseInvalidThenThrowOAuth2AuthenticationException() {
    // @formatter:off
    String userInfoResponse = "{\n"
            + "   \"user-name\": \"user1\",\n"
            + "   \"first-name\": \"first\",\n"
            + "   \"last-name\": \"last\",\n"
            + "   \"middle-name\": \"middle\",\n"
            + "   \"address\": \"address\",\n"
            + "   \"email\": \"user1@example.com\"\n";
    //      + "}\n"; // Make the JSON invalid/malformed
    // @formatter:on
    // The mock server answers 200 OK with a truncated JSON body
    this.server.enqueue(jsonResponse(userInfoResponse));
    String userInfoUri = this.server.url("/user").toString();
    ClientRegistration clientRegistration = this.clientRegistrationBuilder
            .userInfoUri(userInfoUri)
            .userInfoAuthenticationMethod(AuthenticationMethod.HEADER)
            .userNameAttributeName("user-name")
            .build();
    // A malformed UserInfo body must not produce a partially populated principal:
    // the service fails closed with the invalid_user_info_response error code
    assertThatExceptionOfType(OAuth2AuthenticationException.class)
            .isThrownBy(() -> this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken)))
            .withMessageContaining("[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource");
}
Also used : ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration) Test(org.junit.jupiter.api.Test)

Example 3 with OAuth2UserRequest

use of org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest in project spring-security by spring-projects.

From class DefaultOAuth2UserServiceTests, method loadUserWhenUserInfoUriIsNullThenThrowOAuth2AuthenticationException:

@Test
public void loadUserWhenUserInfoUriIsNullThenThrowOAuth2AuthenticationException() {
    // No userInfoUri configured on the registration: there is nothing to call,
    // so the service rejects the request rather than returning an anonymous user
    ClientRegistration clientRegistration = this.clientRegistrationBuilder.build();
    assertThatExceptionOfType(OAuth2AuthenticationException.class)
            .isThrownBy(() -> this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken)))
            .withMessageContaining("missing_user_info_uri");
}
Also used : ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration) Test(org.junit.jupiter.api.Test)

Example 4 with OAuth2UserRequest

use of org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest in project spring-security by spring-projects.

From class DefaultOAuth2UserServiceTests, method loadUserWhenUserInfoErrorResponseThenThrowOAuth2AuthenticationException:

@Test
public void loadUserWhenUserInfoErrorResponseThenThrowOAuth2AuthenticationException() {
    // @formatter:off
    String userInfoErrorResponse = "{\n"
            + "   \"error\": \"invalid_token\"\n"
            + "}\n";
    // @formatter:on
    // The resource server rejects the bearer token with HTTP 400 and an error body
    this.server.enqueue(jsonResponse(userInfoErrorResponse).setResponseCode(400));
    String userInfoUri = this.server.url("/user").toString();
    ClientRegistration clientRegistration = this.clientRegistrationBuilder
            .userInfoUri(userInfoUri)
            .userInfoAuthenticationMethod(AuthenticationMethod.HEADER)
            .userNameAttributeName("user-name")
            .build();
    // The provider's error code is preserved in the exception message for diagnostics
    assertThatExceptionOfType(OAuth2AuthenticationException.class)
            .isThrownBy(() -> this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken)))
            .withMessageContaining("[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource")
            .withMessageContaining("Error Code: invalid_token");
}
Also used : ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration) OAuth2AuthenticationException(org.springframework.security.oauth2.core.OAuth2AuthenticationException) Test(org.junit.jupiter.api.Test)

Example 5 with OAuth2UserRequest

use of org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest in project spring-security by spring-projects.

From class DefaultOAuth2UserServiceTests, method loadUserWhenTokenContainsScopesThenIndividualScopeAuthorities:

@Test
public void loadUserWhenTokenContainsScopesThenIndividualScopeAuthorities() {
    Map<String, Object> body = new HashMap<>();
    body.put("id", "id");
    DefaultOAuth2UserService userService = withMockResponse(body);
    // The access token carries two scopes; the UserInfo body carries none
    OAuth2UserRequest request = new OAuth2UserRequest(
            TestClientRegistrations.clientRegistration().build(),
            TestOAuth2AccessTokens.scopes("message:read", "message:write"));
    OAuth2User user = userService.loadUser(request);
    // One OAuth2UserAuthority (wrapping the UserInfo attributes) plus one SCOPE_ prefixed
    // authority per token scope, in insertion order
    assertThat(user.getAuthorities()).hasSize(3);
    Iterator<? extends GrantedAuthority> authorities = user.getAuthorities().iterator();
    assertThat(authorities.next()).isInstanceOf(OAuth2UserAuthority.class);
    assertThat(authorities.next()).isEqualTo(new SimpleGrantedAuthority("SCOPE_message:read"));
    assertThat(authorities.next()).isEqualTo(new SimpleGrantedAuthority("SCOPE_message:write"));
}
Also used : OAuth2User(org.springframework.security.oauth2.core.user.OAuth2User) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) HashMap(java.util.HashMap) Test(org.junit.jupiter.api.Test)
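The two things the examples above show together are that OAuth2LoginAuthenticationProvider (Example 1) hands the ClientRegistration and the issued access token to the user service inside an OAuth2UserRequest, and that DefaultOAuth2UserService (Example 5) turns every token scope into a SCOPE_ authority. The following is an added example, not code from Spring Security, of a custom OAuth2UserService that uses both pieces of the request: it delegates the UserInfo call (and all of the fail-closed behaviour tested in Examples 2 to 4) to DefaultOAuth2UserService, refuses the login when the token lacks the scopes the application requires for that registration, and replaces the generic SCOPE_ authorities with application roles. The class name, the two policy maps and the "insufficient_scope" error code are assumptions chosen for the example.

```java
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;

/**
 * Example OAuth2UserService (hypothetical, not part of Spring Security) that wraps
 * DefaultOAuth2UserService and decides, per client registration, whether a login is
 * accepted and which application authorities the returned principal receives.
 */
public class ScopeGatedOAuth2UserService implements OAuth2UserService<OAuth2UserRequest, OAuth2User> {

    private final OAuth2UserService<OAuth2UserRequest, OAuth2User> delegate;

    // Hypothetical policy: registrationId -> scopes the access token must carry
    // before this application accepts the login at all.
    private final Map<String, Set<String>> requiredScopesByRegistration;

    // Hypothetical policy: token scope -> application role granted for that scope.
    private final Map<String, String> roleByScope;

    public ScopeGatedOAuth2UserService(Map<String, Set<String>> requiredScopesByRegistration,
            Map<String, String> roleByScope) {
        this(new DefaultOAuth2UserService(), requiredScopesByRegistration, roleByScope);
    }

    ScopeGatedOAuth2UserService(OAuth2UserService<OAuth2UserRequest, OAuth2User> delegate,
            Map<String, Set<String>> requiredScopesByRegistration, Map<String, String> roleByScope) {
        this.delegate = delegate;
        this.requiredScopesByRegistration = Collections.unmodifiableMap(new HashMap<>(requiredScopesByRegistration));
        this.roleByScope = Collections.unmodifiableMap(new HashMap<>(roleByScope));
    }

    @Override
    public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2AuthenticationException {
        // The delegate performs the UserInfo request and already fails closed on a missing
        // userInfoUri, a non-2xx response or a malformed body (see the tests above).
        OAuth2User user = this.delegate.loadUser(userRequest);

        String registrationId = userRequest.getClientRegistration().getRegistrationId();
        Set<String> tokenScopes = new HashSet<>(userRequest.getAccessToken().getScopes());

        // Fail closed: a token that does not carry the scopes this application needs for
        // the given provider must not produce an authenticated session.
        Set<String> required = this.requiredScopesByRegistration.getOrDefault(registrationId, Collections.emptySet());
        if (!tokenScopes.containsAll(required)) {
            OAuth2Error error = new OAuth2Error("insufficient_scope",
                    "Access token for registration '" + registrationId + "' lacks required scopes " + required, null);
            throw new OAuth2AuthenticationException(error, error.toString());
        }

        // Keep the attribute-carrying OAuth2UserAuthority built by the delegate, drop the
        // generic SCOPE_* authorities, and grant only the roles our policy maps from the scopes.
        Collection<GrantedAuthority> authorities = new LinkedHashSet<>();
        for (GrantedAuthority authority : user.getAuthorities()) {
            if (authority instanceof OAuth2UserAuthority) {
                authorities.add(authority);
            }
        }
        for (String scope : tokenScopes) {
            String role = this.roleByScope.get(scope);
            if (role != null) {
                authorities.add(new SimpleGrantedAuthority(role));
            }
        }

        // Reuse the registration's configured name attribute so getName() resolves the same
        // attribute the delegate validated as present in the UserInfo response.
        String nameAttribute = userRequest.getClientRegistration().getProviderDetails()
                .getUserInfoEndpoint().getUserNameAttributeName();
        return new DefaultOAuth2User(authorities, user.getAttributes(), nameAttribute);
    }
}
```

The service is plugged in where OAuth2LoginAuthenticationProvider picks up its userService, i.e. via the OAuth2 login DSL: http.oauth2Login(login -> login.userInfoEndpoint(userInfo -> userInfo.userService(new ScopeGatedOAuth2UserService(requiredScopes, roles)))). One caveat when gating on token scopes: when a token response omits the scope parameter, Spring Security's DefaultAuthorizationCodeTokenResponseClient populates the access token with the scopes the client originally requested, so "scope present on the token" means "requested and not explicitly reduced by the provider", not proof that the provider granted it; if the provider is known to omit the scope parameter, verify the grant against the provider's own API instead of the token object.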
