use of org.springframework.security.oauth2.core.OAuth2AccessToken in project spring-security by spring-projects.
the class JwtBearerReactiveOAuth2AuthorizedClientProviderTests method authorizeWhenJwtBearerAndTokenNotExpiredButClockSkewForcesExpiryThenReauthorize.
@Test
public void authorizeWhenJwtBearerAndTokenNotExpiredButClockSkewForcesExpiryThenReauthorize() {
Instant now = Instant.now();
Instant issuedAt = now.minus(Duration.ofMinutes(60));
Instant expiresAt = now.plus(Duration.ofMinutes(1));
OAuth2AccessToken expiresInOneMinAccessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "access-token-1234", issuedAt, expiresAt);
OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), expiresInOneMinAccessToken);
// Shorten the lifespan of the access token by 90 seconds, which will ultimately
// force it to expire on the client
this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(90));
OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
// @formatter:off
OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient).principal(this.principal).build();
// @formatter:on
OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext).block();
assertThat(reauthorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
assertThat(reauthorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
assertThat(reauthorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
}
use of org.springframework.security.oauth2.core.OAuth2AccessToken in project spring-security by spring-projects.
the class DefaultMapOAuth2AccessTokenResponseConverterTests method shouldConvertFull.
@Test
public void shouldConvertFull() {
Map<String, Object> map = new HashMap<>();
map.put("access_token", "access-token-1234");
map.put("token_type", "bearer");
map.put("expires_in", "3600");
map.put("scope", "read write");
map.put("refresh_token", "refresh-token-1234");
map.put("custom_parameter_1", "custom-value-1");
map.put("custom_parameter_2", "custom-value-2");
OAuth2AccessTokenResponse converted = this.messageConverter.convert(map);
OAuth2AccessToken accessToken = converted.getAccessToken();
Assertions.assertNotNull(accessToken);
Assertions.assertEquals("access-token-1234", accessToken.getTokenValue());
Assertions.assertEquals(OAuth2AccessToken.TokenType.BEARER, accessToken.getTokenType());
Set<String> scopes = accessToken.getScopes();
Assertions.assertNotNull(scopes);
Assertions.assertEquals(2, scopes.size());
Assertions.assertTrue(scopes.contains("read"));
Assertions.assertTrue(scopes.contains("write"));
Assertions.assertEquals(3600, Duration.between(accessToken.getIssuedAt(), accessToken.getExpiresAt()).getSeconds());
OAuth2RefreshToken refreshToken = converted.getRefreshToken();
Assertions.assertNotNull(refreshToken);
Assertions.assertEquals("refresh-token-1234", refreshToken.getTokenValue());
Map<String, Object> additionalParameters = converted.getAdditionalParameters();
Assertions.assertNotNull(additionalParameters);
Assertions.assertEquals(2, additionalParameters.size());
Assertions.assertEquals("custom-value-1", additionalParameters.get("custom_parameter_1"));
Assertions.assertEquals("custom-value-2", additionalParameters.get("custom_parameter_2"));
}
use of org.springframework.security.oauth2.core.OAuth2AccessToken in project spring-security by spring-projects.
the class DefaultMapOAuth2AccessTokenResponseConverterTests method shouldConvertWithObjectAdditionalParameter.
// gh-9685
@Test
public void shouldConvertWithObjectAdditionalParameter() {
Map<String, Object> map = new HashMap<>();
map.put("access_token", "access-token-1234");
map.put("token_type", "bearer");
map.put("expires_in", "3600");
map.put("scope", "read write");
map.put("refresh_token", "refresh-token-1234");
Map<String, Object> nestedObject = new LinkedHashMap<>();
nestedObject.put("a", "first value");
nestedObject.put("b", "second value");
map.put("custom_parameter_1", nestedObject);
map.put("custom_parameter_2", "custom-value-2");
OAuth2AccessTokenResponse converted = this.messageConverter.convert(map);
OAuth2AccessToken accessToken = converted.getAccessToken();
Assertions.assertNotNull(accessToken);
Assertions.assertEquals("access-token-1234", accessToken.getTokenValue());
Assertions.assertEquals(OAuth2AccessToken.TokenType.BEARER, accessToken.getTokenType());
Set<String> scopes = accessToken.getScopes();
Assertions.assertNotNull(scopes);
Assertions.assertEquals(2, scopes.size());
Assertions.assertTrue(scopes.contains("read"));
Assertions.assertTrue(scopes.contains("write"));
Assertions.assertEquals(3600, Duration.between(accessToken.getIssuedAt(), accessToken.getExpiresAt()).getSeconds());
OAuth2RefreshToken refreshToken = converted.getRefreshToken();
Assertions.assertNotNull(refreshToken);
Assertions.assertEquals("refresh-token-1234", refreshToken.getTokenValue());
Map<String, Object> additionalParameters = converted.getAdditionalParameters();
Assertions.assertNotNull(additionalParameters);
Assertions.assertEquals(2, additionalParameters.size());
Assertions.assertEquals(nestedObject, additionalParameters.get("custom_parameter_1"));
Assertions.assertEquals("custom-value-2", additionalParameters.get("custom_parameter_2"));
}
use of org.springframework.security.oauth2.core.OAuth2AccessToken in project spring-security by spring-projects.
the class SecurityMockMvcRequestPostProcessorsOAuth2ClientTests method oauth2ClientWhenAccessTokenThenUses.
@Test
public void oauth2ClientWhenAccessTokenThenUses() throws Exception {
OAuth2AccessToken accessToken = TestOAuth2AccessTokens.noScopes();
this.mvc.perform(get("/access-token").with(oauth2Client("registration-id").accessToken(accessToken))).andExpect(content().string("no-scopes"));
}
use of org.springframework.security.oauth2.core.OAuth2AccessToken in project spring-security by spring-projects.
the class OAuth2LoginTests method oauth2LoginWhenCustomObjectsInLambdaThenUsed.
@Test
public void oauth2LoginWhenCustomObjectsInLambdaThenUsed() {
this.spring.register(OAuth2LoginWithSingleClientRegistrations.class, OAuth2LoginMockAuthenticationManagerInLambdaConfig.class).autowire();
String redirectLocation = "/custom-redirect-location";
WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
OAuth2LoginMockAuthenticationManagerInLambdaConfig config = this.spring.getContext().getBean(OAuth2LoginMockAuthenticationManagerInLambdaConfig.class);
ServerAuthenticationConverter converter = config.authenticationConverter;
ReactiveAuthenticationManager manager = config.manager;
ServerWebExchangeMatcher matcher = config.matcher;
ServerOAuth2AuthorizationRequestResolver resolver = config.resolver;
ServerAuthenticationSuccessHandler successHandler = config.successHandler;
OAuth2AuthorizationExchange exchange = TestOAuth2AuthorizationExchanges.success();
OAuth2User user = TestOAuth2Users.create();
OAuth2AccessToken accessToken = TestOAuth2AccessTokens.noScopes();
OAuth2LoginAuthenticationToken result = new OAuth2LoginAuthenticationToken(github, exchange, user, user.getAuthorities(), accessToken);
given(converter.convert(any())).willReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c")));
given(manager.authenticate(any())).willReturn(Mono.just(result));
given(matcher.matches(any())).willReturn(ServerWebExchangeMatcher.MatchResult.match());
given(resolver.resolve(any())).willReturn(Mono.empty());
given(successHandler.onAuthenticationSuccess(any(), any())).willAnswer((Answer<Mono<Void>>) (invocation) -> {
WebFilterExchange webFilterExchange = invocation.getArgument(0);
Authentication authentication = invocation.getArgument(1);
return new RedirectServerAuthenticationSuccessHandler(redirectLocation).onAuthenticationSuccess(webFilterExchange, authentication);
});
// @formatter:off
webTestClient.get().uri("/login/oauth2/code/github").exchange().expectStatus().is3xxRedirection().expectHeader().valueEquals("Location", redirectLocation);
// @formatter:on
verify(converter).convert(any());
verify(manager).authenticate(any());
verify(matcher).matches(any());
verify(resolver).resolve(any());
verify(successHandler).onAuthenticationSuccess(any(), any());
}
Aggregations