
Example 11 with AuthorizationGrantType

use of org.springframework.security.oauth2.core.AuthorizationGrantType in project books by aidanwhiteley.

From class UserServiceTest, method configureOauth (a Mockito test fixture that stubs an OAuth2 login and its registered client).

private void configureOauth(String clientId, String name) {
    // Attributes of the mocked OAuth2 principal. The "name" key is also passed to
    // DefaultOAuth2User as the name-attribute key below, so it must be present here.
    Map<String, Object> attributes = new LinkedHashMap<>();
    attributes.put("name", name);
    attributes.put(name, name);

    // NOTE(review): the authority is "USER" with no ROLE_ prefix; confirm the service
    // under test checks hasAuthority("USER") rather than hasRole("USER").
    Set<GrantedAuthority> grantedAuthorities = new HashSet<>();
    grantedAuthorities.add(new SimpleGrantedAuthority("USER"));
    OAuth2User principal = new DefaultOAuth2User(grantedAuthorities, attributes, name);

    // Make the (mocked) authentication token look like a logged-in OAuth2 user.
    when(oauthToken.getName()).thenReturn(DUMMY);
    when(oauthToken.getAuthorizedClientRegistrationId()).thenReturn(DUMMY);
    when(oauthToken.getPrincipal()).thenReturn(principal);

    // Build a real ClientRegistration: only clientId is meaningful, every other field
    // (including the client secret) is the DUMMY placeholder. The authorization-code
    // grant is required because the builder validates the fields it needs for that grant.
    ClientRegistration registration = ClientRegistration.withRegistrationId(DUMMY)
            .clientId(clientId)
            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
            .clientSecret(DUMMY)
            .redirectUriTemplate(DUMMY)
            .scope(DUMMY)
            .authorizationUri(DUMMY)
            .tokenUri(DUMMY)
            .clientName(DUMMY)
            .build();

    // Hand the registration out through a mocked authorized client, returned for any
    // (registrationId, principalName) pair the service asks for.
    OAuth2AuthorizedClient authorizedClient = Mockito.mock(OAuth2AuthorizedClient.class);
    when(authorizedClient.getClientRegistration()).thenReturn(registration);
    when(authorisedClientService.loadAuthorizedClient(any(String.class), any(String.class)))
            .thenReturn(authorizedClient);
}
Also used : DefaultOAuth2User(org.springframework.security.oauth2.core.user.DefaultOAuth2User) OAuth2User(org.springframework.security.oauth2.core.user.OAuth2User) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) GrantedAuthority(org.springframework.security.core.GrantedAuthority) LinkedHashMap(java.util.LinkedHashMap) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration) DefaultOAuth2User(org.springframework.security.oauth2.core.user.DefaultOAuth2User) OAuth2AuthorizedClient(org.springframework.security.oauth2.client.OAuth2AuthorizedClient) HashSet(java.util.HashSet)

Example 12 with AuthorizationGrantType

use of org.springframework.security.oauth2.core.AuthorizationGrantType in project spring-security by spring-projects.

From class ClientRegistrationsBeanDefinitionParser, method getClientRegistrations (XML namespace parsing of &lt;client-registration&gt; elements).

private List<ClientRegistration> getClientRegistrations(Element element, ParserContext parserContext, Map<String, Map<String, String>> providers) {
    // Each <client-registration> child becomes one ClientRegistration.
    List<Element> registrationElts = DomUtils.getChildElementsByTagName(element, ELT_CLIENT_REGISTRATION);
    List<ClientRegistration> registrations = new ArrayList<>(registrationElts.size());
    for (Element registrationElt : registrationElts) {
        String registrationId = registrationElt.getAttribute(ATT_REGISTRATION_ID);
        String providerId = registrationElt.getAttribute(ATT_PROVIDER_ID);

        // Prefer a builder pre-populated from the provider's issuer; fall back to the
        // explicitly configured provider details.
        ClientRegistration.Builder builder = getBuilderFromIssuerIfPossible(parserContext, registrationId, providerId, providers);
        if (builder == null) {
            builder = getBuilder(parserContext, registrationId, providerId, providers);
        }
        if (builder == null) {
            // Neither lookup resolved the provider: report the error against the parent
            // element and skip this registration instead of aborting the whole parse.
            Object source = parserContext.extractSource(element);
            parserContext.getReaderContext().error(getErrorMessage(providerId, registrationId), source);
            continue;
        }

        // Per-registration attributes override what the provider supplied. Every attribute
        // is optional: an empty one leaves the builder's current value untouched. Note that
        // the client secret is taken verbatim from the XML attribute.
        ClientRegistration.Builder target = builder;
        String clientId = registrationElt.getAttribute(ATT_CLIENT_ID);
        String clientSecret = registrationElt.getAttribute(ATT_CLIENT_SECRET);
        String authenticationMethod = registrationElt.getAttribute(ATT_CLIENT_AUTHENTICATION_METHOD);
        String grantType = registrationElt.getAttribute(ATT_AUTHORIZATION_GRANT_TYPE);
        String redirectUri = registrationElt.getAttribute(ATT_REDIRECT_URI);
        String scope = registrationElt.getAttribute(ATT_SCOPE);
        String clientName = registrationElt.getAttribute(ATT_CLIENT_NAME);

        getOptionalIfNotEmpty(parserContext, clientId).ifPresent(target::clientId);
        getOptionalIfNotEmpty(parserContext, clientSecret).ifPresent(target::clientSecret);
        getOptionalIfNotEmpty(parserContext, authenticationMethod).map(ClientAuthenticationMethod::new).ifPresent(target::clientAuthenticationMethod);
        getOptionalIfNotEmpty(parserContext, grantType).map(AuthorizationGrantType::new).ifPresent(target::authorizationGrantType);
        getOptionalIfNotEmpty(parserContext, redirectUri).ifPresent(target::redirectUri);
        // Scope is a comma-delimited list in XML, a set on the builder.
        getOptionalIfNotEmpty(parserContext, scope).map(StringUtils::commaDelimitedListToSet).ifPresent(target::scope);
        getOptionalIfNotEmpty(parserContext, clientName).ifPresent(target::clientName);

        registrations.add(target.build());
    }
    return registrations;
}
Also used : ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration) Element(org.w3c.dom.Element) ArrayList(java.util.ArrayList)

Example 13 with AuthorizationGrantType

use of org.springframework.security.oauth2.core.AuthorizationGrantType in project spring-security by spring-projects.

From class JwtBearerOAuth2AuthorizedClientProvider, method authorize (obtains an access token with the jwt-bearer grant).

/**
 * Attempts to authorize (or re-authorize) the
 * {@link OAuth2AuthorizationContext#getClientRegistration() client} held in the given
 * {@code context} using the {@link AuthorizationGrantType#JWT_BEARER jwt-bearer} grant.
 * <p>
 * Returns {@code null} when this provider does not apply: the client's
 * {@link ClientRegistration#getAuthorizationGrantType() grant type} is not jwt-bearer,
 * the client is already authorized with an
 * {@link OAuth2AuthorizedClient#getAccessToken() access token} that has not expired,
 * or the configured assertion resolver yields no {@link Jwt}.
 * <p>
 * The JWT returned by the resolver is sent to the token endpoint as the assertion
 * exactly as resolved; this method performs no inspection of it. The resulting
 * authorized client is associated with the context principal's name and carries only
 * the access token (no refresh token).
 * @param context the context that holds authorization-specific state for the client
 * @return the {@link OAuth2AuthorizedClient} or {@code null} if authorization is not
 * supported
 */
@Override
@Nullable
public OAuth2AuthorizedClient authorize(OAuth2AuthorizationContext context) {
    Assert.notNull(context, "context cannot be null");
    ClientRegistration registration = context.getClientRegistration();

    boolean jwtBearerClient = AuthorizationGrantType.JWT_BEARER.equals(registration.getAuthorizationGrantType());
    if (!jwtBearerClient) {
        return null;
    }

    OAuth2AuthorizedClient existing = context.getAuthorizedClient();
    boolean tokenStillValid = existing != null && !hasTokenExpired(existing.getAccessToken());
    if (tokenStillValid) {
        // Current access token has not expired: no need for re-authorization.
        return null;
    }

    Jwt assertion = this.jwtAssertionResolver.apply(context);
    if (assertion == null) {
        return null;
    }

    // RFC 7521, section 4.1 (Using Assertions as Authorization Grants):
    // https://tools.ietf.org/html/rfc7521#section-4.1
    //
    // An assertion used in this context is generally a short-lived representation of the
    // authorization grant, and authorization servers SHOULD NOT issue access tokens with a
    // lifetime that exceeds the validity period of the assertion by a significant period.
    // In practice that usually means no refresh token is issued for an assertion grant and
    // the access token is short-lived; clients obtain a new one by presenting the same
    // assertion (if still valid) or a new assertion. That is why only the access token is
    // stored below.
    JwtBearerGrantRequest grantRequest = new JwtBearerGrantRequest(registration, assertion);
    OAuth2AccessTokenResponse tokenResponse = getTokenResponse(registration, grantRequest);
    String principalName = context.getPrincipal().getName();
    return new OAuth2AuthorizedClient(registration, principalName, tokenResponse.getAccessToken());
}
Also used : OAuth2AccessTokenResponse(org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse) ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration) Jwt(org.springframework.security.oauth2.jwt.Jwt) JwtBearerGrantRequest(org.springframework.security.oauth2.client.endpoint.JwtBearerGrantRequest) Nullable(org.springframework.lang.Nullable)

Example 14 with AuthorizationGrantType

use of org.springframework.security.oauth2.core.AuthorizationGrantType in project spring-security by spring-projects.

From class OAuth2ClientCredentialsGrantRequestTests, method constructorWhenClientRegistrationInvalidGrantTypeThenThrowIllegalArgumentException.

@Test
public void constructorWhenClientRegistrationInvalidGrantTypeThenThrowIllegalArgumentException() {
    // A registration configured for the implicit grant must be rejected by the
    // client-credentials grant request: the constructor validates the grant type.
    // @formatter:off
    ClientRegistration implicitRegistration = ClientRegistration.withRegistrationId("registration-1")
            .clientId("client-1")
            .authorizationGrantType(AuthorizationGrantType.IMPLICIT)
            .redirectUri("https://localhost:8080/redirect-uri")
            .authorizationUri("https://provider.com/oauth2/auth")
            .clientName("Client 1")
            .build();
    // @formatter:on
    assertThatIllegalArgumentException()
            .isThrownBy(() -> new OAuth2ClientCredentialsGrantRequest(implicitRegistration))
            .withMessage("clientRegistration.authorizationGrantType must be AuthorizationGrantType.CLIENT_CREDENTIALS");
}
Also used : ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration) Test(org.junit.jupiter.api.Test)

Example 15 with AuthorizationGrantType

use of org.springframework.security.oauth2.core.AuthorizationGrantType in project spring-security by spring-projects.

From class JwtBearerGrantRequestEntityConverterTests, method convertWhenGrantRequestValidThenConverts (asserts the shape of the token request built for a jwt-bearer grant).

@SuppressWarnings("unchecked")
@Test
public void convertWhenGrantRequestValidThenConverts() {
    // @formatter:off
    ClientRegistration registration = TestClientRegistrations.clientRegistration()
            .authorizationGrantType(AuthorizationGrantType.JWT_BEARER)
            .scope("read", "write")
            .build();
    // @formatter:on
    Jwt assertion = TestJwts.jwt().build();
    JwtBearerGrantRequest grantRequest = new JwtBearerGrantRequest(registration, assertion);

    RequestEntity<?> request = this.converter.convert(grantRequest);

    // The token request is a POST to the provider's token endpoint.
    assertThat(request.getMethod()).isEqualTo(HttpMethod.POST);
    String expectedTokenUri = registration.getProviderDetails().getTokenUri();
    assertThat(request.getUrl().toASCIIString()).isEqualTo(expectedTokenUri);

    // Headers: JSON accepted back, form-encoded body, and the client authenticates
    // with HTTP Basic (client id/secret in the Authorization header).
    HttpHeaders requestHeaders = request.getHeaders();
    MediaType expectedContentType = MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8");
    assertThat(requestHeaders.getAccept()).contains(MediaType.valueOf(MediaType.APPLICATION_JSON_UTF8_VALUE));
    assertThat(requestHeaders.getContentType()).isEqualTo(expectedContentType);
    assertThat(requestHeaders.getFirst(HttpHeaders.AUTHORIZATION)).startsWith("Basic ");

    // Body: grant_type, the raw JWT as the assertion, and space-delimited scopes.
    MultiValueMap<String, String> form = (MultiValueMap<String, String>) request.getBody();
    assertThat(form.getFirst(OAuth2ParameterNames.GRANT_TYPE)).isEqualTo(AuthorizationGrantType.JWT_BEARER.getValue());
    assertThat(form.getFirst(OAuth2ParameterNames.ASSERTION)).isEqualTo(assertion.getTokenValue());
    assertThat(form.getFirst(OAuth2ParameterNames.SCOPE)).isEqualTo("read write");
}
Also used : HttpHeaders(org.springframework.http.HttpHeaders) ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration) Jwt(org.springframework.security.oauth2.jwt.Jwt) MultiValueMap(org.springframework.util.MultiValueMap) Test(org.junit.jupiter.api.Test)

Aggregations

ClientRegistration (org.springframework.security.oauth2.client.registration.ClientRegistration)15 Test (org.junit.jupiter.api.Test)10 BeforeEach (org.junit.jupiter.api.BeforeEach)7 Jwt (org.springframework.security.oauth2.jwt.Jwt)7 AuthorizationGrantType (org.springframework.security.oauth2.core.AuthorizationGrantType)6 OAuth2AccessTokenResponse (org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse)6 TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)5 ReactiveOAuth2AccessTokenResponseClient (org.springframework.security.oauth2.client.endpoint.ReactiveOAuth2AccessTokenResponseClient)4 Clock (java.time.Clock)3 Duration (java.time.Duration)3 Instant (java.time.Instant)3 LinkedHashMap (java.util.LinkedHashMap)3 Nullable (org.springframework.lang.Nullable)3 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)3 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)3 Authentication (org.springframework.security.core.Authentication)3 InMemoryClientRegistrationRepository (org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository)3 OAuth2AuthorizationException (org.springframework.security.oauth2.core.OAuth2AuthorizationException)3 OAuth2Token (org.springframework.security.oauth2.core.OAuth2Token)3 Assert (org.springframework.util.Assert)3