use of org.springframework.security.oauth2.core.OAuth2AccessToken in project spring-security by spring-projects.
the class OAuth2LoginTests method oauth2LoginWhenCustomObjectsThenUsed.
@Test
public void oauth2LoginWhenCustomObjectsThenUsed() {
this.spring.register(OAuth2LoginWithSingleClientRegistrations.class, OAuth2LoginMockAuthenticationManagerConfig.class).autowire();
String redirectLocation = "/custom-redirect-location";
WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
OAuth2LoginMockAuthenticationManagerConfig config = this.spring.getContext().getBean(OAuth2LoginMockAuthenticationManagerConfig.class);
ServerAuthenticationConverter converter = config.authenticationConverter;
ReactiveAuthenticationManager manager = config.manager;
ServerWebExchangeMatcher matcher = config.matcher;
ServerOAuth2AuthorizationRequestResolver resolver = config.resolver;
ServerAuthenticationSuccessHandler successHandler = config.successHandler;
OAuth2AuthorizationExchange exchange = TestOAuth2AuthorizationExchanges.success();
OAuth2User user = TestOAuth2Users.create();
OAuth2AccessToken accessToken = TestOAuth2AccessTokens.noScopes();
OAuth2LoginAuthenticationToken result = new OAuth2LoginAuthenticationToken(github, exchange, user, user.getAuthorities(), accessToken);
given(converter.convert(any())).willReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c")));
given(manager.authenticate(any())).willReturn(Mono.just(result));
given(matcher.matches(any())).willReturn(ServerWebExchangeMatcher.MatchResult.match());
given(resolver.resolve(any())).willReturn(Mono.empty());
given(successHandler.onAuthenticationSuccess(any(), any())).willAnswer((Answer<Mono<Void>>) (invocation) -> {
WebFilterExchange webFilterExchange = invocation.getArgument(0);
Authentication authentication = invocation.getArgument(1);
return new RedirectServerAuthenticationSuccessHandler(redirectLocation).onAuthenticationSuccess(webFilterExchange, authentication);
});
// @formatter:off
webTestClient.get().uri("/login/oauth2/code/github").exchange().expectStatus().is3xxRedirection().expectHeader().valueEquals("Location", redirectLocation);
// @formatter:on
verify(converter).convert(any());
verify(manager).authenticate(any());
verify(matcher).matches(any());
verify(resolver).resolve(any());
verify(successHandler).onAuthenticationSuccess(any(), any());
}
use of org.springframework.security.oauth2.core.OAuth2AccessToken in project spring-security by spring-projects.
the class OAuth2LoginTests method oauth2LoginWhenIdTokenValidationFailsThenDefaultRedirectToLogin.
// gh-6484
@Test
public void oauth2LoginWhenIdTokenValidationFailsThenDefaultRedirectToLogin() {
this.spring.register(OAuth2LoginWithMultipleClientRegistrations.class, OAuth2LoginWithCustomBeansConfig.class).autowire();
WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
OAuth2LoginWithCustomBeansConfig config = this.spring.getContext().getBean(OAuth2LoginWithCustomBeansConfig.class);
// @formatter:off
OAuth2AuthorizationRequest request = TestOAuth2AuthorizationRequests.request().scope("openid").build();
OAuth2AuthorizationResponse response = TestOAuth2AuthorizationResponses.success().build();
// @formatter:on
OAuth2AuthorizationExchange exchange = new OAuth2AuthorizationExchange(request, response);
OAuth2AccessToken accessToken = TestOAuth2AccessTokens.scopes("openid");
OAuth2AuthorizationCodeAuthenticationToken authenticationToken = new OAuth2AuthorizationCodeAuthenticationToken(google, exchange, accessToken);
ServerAuthenticationConverter converter = config.authenticationConverter;
given(converter.convert(any())).willReturn(Mono.just(authenticationToken));
Map<String, Object> additionalParameters = new HashMap<>();
additionalParameters.put(OidcParameterNames.ID_TOKEN, "id-token");
// @formatter:off
OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken(accessToken.getTokenValue()).tokenType(accessToken.getTokenType()).scopes(accessToken.getScopes()).additionalParameters(additionalParameters).build();
// @formatter:on
ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> tokenResponseClient = config.tokenResponseClient;
given(tokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
ReactiveJwtDecoderFactory<ClientRegistration> jwtDecoderFactory = config.jwtDecoderFactory;
OAuth2Error oauth2Error = new OAuth2Error("invalid_id_token", "Invalid ID Token", null);
given(jwtDecoderFactory.createDecoder(any())).willReturn((token) -> Mono.error(new JwtValidationException("ID Token validation failed", Collections.singleton(oauth2Error))));
// @formatter:off
webTestClient.get().uri("/login/oauth2/code/google").exchange().expectStatus().is3xxRedirection().expectHeader().valueEquals("Location", "/login?error");
// @formatter:on
}
use of org.springframework.security.oauth2.core.OAuth2AccessToken in project spring-security by spring-projects.
the class OAuth2RefreshTokenGrantRequestEntityConverterTests method convertWhenHeadersConverterSetThenCalled.
@Test
public void convertWhenHeadersConverterSetThenCalled() {
Converter<OAuth2RefreshTokenGrantRequest, HttpHeaders> headersConverter1 = mock(Converter.class);
this.converter.setHeadersConverter(headersConverter1);
Converter<OAuth2RefreshTokenGrantRequest, HttpHeaders> headersConverter2 = mock(Converter.class);
this.converter.addHeadersConverter(headersConverter2);
ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
OAuth2AccessToken accessToken = TestOAuth2AccessTokens.scopes("read", "write");
OAuth2RefreshToken refreshToken = TestOAuth2RefreshTokens.refreshToken();
OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(clientRegistration, accessToken, refreshToken);
this.converter.convert(refreshTokenGrantRequest);
InOrder inOrder = inOrder(headersConverter1, headersConverter2);
inOrder.verify(headersConverter1).convert(any(OAuth2RefreshTokenGrantRequest.class));
inOrder.verify(headersConverter2).convert(any(OAuth2RefreshTokenGrantRequest.class));
}
use of org.springframework.security.oauth2.core.OAuth2AccessToken in project spring-security by spring-projects.
the class OAuth2RefreshTokenGrantRequestEntityConverterTests method convertWhenParametersConverterSetThenCalled.
@Test
public void convertWhenParametersConverterSetThenCalled() {
Converter<OAuth2RefreshTokenGrantRequest, MultiValueMap<String, String>> parametersConverter1 = mock(Converter.class);
this.converter.setParametersConverter(parametersConverter1);
Converter<OAuth2RefreshTokenGrantRequest, MultiValueMap<String, String>> parametersConverter2 = mock(Converter.class);
this.converter.addParametersConverter(parametersConverter2);
ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
OAuth2AccessToken accessToken = TestOAuth2AccessTokens.scopes("read", "write");
OAuth2RefreshToken refreshToken = TestOAuth2RefreshTokens.refreshToken();
OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(clientRegistration, accessToken, refreshToken);
this.converter.convert(refreshTokenGrantRequest);
InOrder inOrder = inOrder(parametersConverter1, parametersConverter2);
inOrder.verify(parametersConverter1).convert(any(OAuth2RefreshTokenGrantRequest.class));
inOrder.verify(parametersConverter2).convert(any(OAuth2RefreshTokenGrantRequest.class));
}
use of org.springframework.security.oauth2.core.OAuth2AccessToken in project spring-security by spring-projects.
the class R2dbcReactiveOAuth2AuthorizedClientServiceTests method createAuthorizedClient.
private static OAuth2AuthorizedClient createAuthorizedClient(Authentication principal, ClientRegistration clientRegistration, boolean requiredAttributesOnly) {
Instant issuedAt = Instant.ofEpochSecond(1234567890, 123456000);
OAuth2AccessToken accessToken;
if (!requiredAttributesOnly) {
accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "scopes", issuedAt, issuedAt.plus(Duration.ofDays(1)), new HashSet<>(Arrays.asList("read", "write")));
} else {
accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "no-scopes", issuedAt, issuedAt.plus(Duration.ofDays(1)));
}
OAuth2RefreshToken refreshToken = null;
if (!requiredAttributesOnly) {
refreshToken = new OAuth2RefreshToken("refresh-token", issuedAt);
}
return new OAuth2AuthorizedClient(clientRegistration, principal.getName(), accessToken, refreshToken);
}
Aggregations