Example 61 with TokenType

Use of org.springframework.security.oauth2.core.OAuth2AccessToken.TokenType in the project spring-authorization-server by spring-projects.

From the class OAuth2TokenRevocationTests, method requestWhenRevokeRefreshTokenThenRevoked:

@Test
public void requestWhenRevokeRefreshTokenThenRevoked() throws Exception {
    this.spring.register(AuthorizationServerConfiguration.class).autowire();
    RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
    this.registeredClientRepository.save(registeredClient);
    OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build();
    OAuth2RefreshToken token = authorization.getRefreshToken().getToken();
    OAuth2TokenType tokenType = OAuth2TokenType.REFRESH_TOKEN;
    this.authorizationService.save(authorization);
    // Token revocation request (RFC 7009), authenticated with the client's own
    // credentials over HTTP Basic; the server responds 200 on success.
    this.mvc.perform(post(DEFAULT_TOKEN_REVOCATION_ENDPOINT_URI)
            .params(getTokenRevocationRequestParameters(token, tokenType))
            .header(HttpHeaders.AUTHORIZATION,
                    "Basic " + encodeBasicAuth(registeredClient.getClientId(), registeredClient.getClientSecret())))
            .andExpect(status().isOk());
    OAuth2Authorization updatedAuthorization = this.authorizationService.findById(authorization.getId());
    // The revoked refresh token is marked invalidated in the stored authorization ...
    OAuth2Authorization.Token<OAuth2RefreshToken> refreshToken = updatedAuthorization.getRefreshToken();
    assertThat(refreshToken.isInvalidated()).isTrue();
    // ... and so is the access token that was issued alongside it.
    OAuth2Authorization.Token<OAuth2AccessToken> accessToken = updatedAuthorization.getAccessToken();
    assertThat(accessToken.isInvalidated()).isTrue();
}
Also used:
    OAuth2TokenType (org.springframework.security.oauth2.core.OAuth2TokenType)
    OAuth2RefreshToken (org.springframework.security.oauth2.core.OAuth2RefreshToken)
    OAuth2AccessToken (org.springframework.security.oauth2.core.OAuth2AccessToken)
    OAuth2Authorization (org.springframework.security.oauth2.server.authorization.OAuth2Authorization)
    OAuth2AuthorizationServerConfiguration (org.springframework.security.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration)
    RegisteredClient (org.springframework.security.oauth2.server.authorization.client.RegisteredClient)
    Test (org.junit.Test)

Example 62 with TokenType

Use of org.springframework.security.oauth2.core.OAuth2AccessToken.TokenType in the project spring-authorization-server by spring-projects.

From the class OAuth2TokenRevocationTests, method requestWhenRevokeAccessTokenThenRevoked:

@Test
public void requestWhenRevokeAccessTokenThenRevoked() throws Exception {
    this.spring.register(AuthorizationServerConfiguration.class).autowire();
    RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
    this.registeredClientRepository.save(registeredClient);
    OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build();
    OAuth2AccessToken token = authorization.getAccessToken().getToken();
    OAuth2TokenType tokenType = OAuth2TokenType.ACCESS_TOKEN;
    this.authorizationService.save(authorization);
    // Same revocation request as above, this time naming the access token.
    this.mvc.perform(post(DEFAULT_TOKEN_REVOCATION_ENDPOINT_URI)
            .params(getTokenRevocationRequestParameters(token, tokenType))
            .header(HttpHeaders.AUTHORIZATION,
                    "Basic " + encodeBasicAuth(registeredClient.getClientId(), registeredClient.getClientSecret())))
            .andExpect(status().isOk());
    OAuth2Authorization updatedAuthorization = this.authorizationService.findById(authorization.getId());
    // Only the access token is invalidated ...
    OAuth2Authorization.Token<OAuth2AccessToken> accessToken = updatedAuthorization.getAccessToken();
    assertThat(accessToken.isInvalidated()).isTrue();
    // ... the refresh token remains usable, unlike the refresh-token case above.
    OAuth2Authorization.Token<OAuth2RefreshToken> refreshToken = updatedAuthorization.getRefreshToken();
    assertThat(refreshToken.isInvalidated()).isFalse();
}
Also used:
    OAuth2TokenType (org.springframework.security.oauth2.core.OAuth2TokenType)
    OAuth2RefreshToken (org.springframework.security.oauth2.core.OAuth2RefreshToken)
    OAuth2AccessToken (org.springframework.security.oauth2.core.OAuth2AccessToken)
    OAuth2Authorization (org.springframework.security.oauth2.server.authorization.OAuth2Authorization)
    OAuth2AuthorizationServerConfiguration (org.springframework.security.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration)
    RegisteredClient (org.springframework.security.oauth2.server.authorization.client.RegisteredClient)
    Test (org.junit.Test)

Example 63 with TokenType

Use of org.springframework.security.oauth2.core.OAuth2AccessToken.TokenType in the project spring-authorization-server by spring-projects.

From the class OAuth2ClientCredentialsAuthenticationProvider, method authenticate:

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    OAuth2ClientCredentialsAuthenticationToken clientCredentialsAuthentication =
            (OAuth2ClientCredentialsAuthenticationToken) authentication;
    // The client must already have authenticated; otherwise this throws invalid_client.
    OAuth2ClientAuthenticationToken clientPrincipal =
            getAuthenticatedClientElseThrowInvalidClient(clientCredentialsAuthentication);
    RegisteredClient registeredClient = clientPrincipal.getRegisteredClient();
    // The client must be registered for the client_credentials grant.
    if (!registeredClient.getAuthorizationGrantTypes().contains(AuthorizationGrantType.CLIENT_CREDENTIALS)) {
        throw new OAuth2AuthenticationException(OAuth2ErrorCodes.UNAUTHORIZED_CLIENT);
    }
    // Default to configured scopes; any requested scope must be a subset of them.
    Set<String> authorizedScopes = registeredClient.getScopes();
    if (!CollectionUtils.isEmpty(clientCredentialsAuthentication.getScopes())) {
        for (String requestedScope : clientCredentialsAuthentication.getScopes()) {
            if (!registeredClient.getScopes().contains(requestedScope)) {
                throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_SCOPE);
            }
        }
        authorizedScopes = new LinkedHashSet<>(clientCredentialsAuthentication.getScopes());
    }
    // @formatter:off
    OAuth2TokenContext tokenContext = DefaultOAuth2TokenContext.builder()
            .registeredClient(registeredClient)
            .principal(clientPrincipal)
            .providerContext(ProviderContextHolder.getProviderContext())
            .authorizedScopes(authorizedScopes)
            .tokenType(OAuth2TokenType.ACCESS_TOKEN)
            .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
            .authorizationGrant(clientCredentialsAuthentication)
            .build();
    // @formatter:on
    OAuth2Token generatedAccessToken = this.tokenGenerator.generate(tokenContext);
    if (generatedAccessToken == null) {
        OAuth2Error error = new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR,
                "The token generator failed to generate the access token.", ERROR_URI);
        throw new OAuth2AuthenticationException(error);
    }
    // Wrap the generated token as a Bearer access token carrying the authorized scopes.
    OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
            generatedAccessToken.getTokenValue(), generatedAccessToken.getIssuedAt(),
            generatedAccessToken.getExpiresAt(), tokenContext.getAuthorizedScopes());
    // @formatter:off
    OAuth2Authorization.Builder authorizationBuilder = OAuth2Authorization.withRegisteredClient(registeredClient)
            .principalName(clientPrincipal.getName())
            .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
            .attribute(OAuth2Authorization.AUTHORIZED_SCOPE_ATTRIBUTE_NAME, authorizedScopes);
    // @formatter:on
    // Store the token's claims as metadata when the generator produced a claim-bearing token (e.g. a JWT).
    if (generatedAccessToken instanceof ClaimAccessor) {
        authorizationBuilder.token(accessToken, (metadata) -> metadata.put(
                OAuth2Authorization.Token.CLAIMS_METADATA_NAME, ((ClaimAccessor) generatedAccessToken).getClaims()));
    } else {
        authorizationBuilder.accessToken(accessToken);
    }
    // Persist the authorization so the token can later be introspected or revoked.
    OAuth2Authorization authorization = authorizationBuilder.build();
    this.authorizationService.save(authorization);
    return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, accessToken);
}
Also used:
    OAuth2Token (org.springframework.security.oauth2.core.OAuth2Token)
    OAuth2Error (org.springframework.security.oauth2.core.OAuth2Error)
    OAuth2Authorization (org.springframework.security.oauth2.server.authorization.OAuth2Authorization)
    RegisteredClient (org.springframework.security.oauth2.server.authorization.client.RegisteredClient)
    ClaimAccessor (org.springframework.security.oauth2.core.ClaimAccessor)
    DefaultOAuth2TokenContext (org.springframework.security.oauth2.server.authorization.DefaultOAuth2TokenContext)
    OAuth2TokenContext (org.springframework.security.oauth2.server.authorization.OAuth2TokenContext)
    OAuth2AccessToken (org.springframework.security.oauth2.core.OAuth2AccessToken)
    OAuth2AuthenticationException (org.springframework.security.oauth2.core.OAuth2AuthenticationException)
