use of org.springframework.security.oauth2.core.OAuth2Error in project spring-security by spring-projects.
the class BearerTokenServerAuthenticationEntryPointTests method commenceWhenOAuth2ErrorCompleteThenContainsErrorInformation.
@Test
public void commenceWhenOAuth2ErrorCompleteThenContainsErrorInformation() {
OAuth2Error oauthError = new OAuth2Error(OAuth2ErrorCodes.INVALID_REQUEST, "Oops", "https://example.com");
OAuth2AuthenticationException exception = new OAuth2AuthenticationException(oauthError);
this.entryPoint.commence(this.exchange, exception).block();
assertThat(getResponse().getHeaders().getFirst(HttpHeaders.WWW_AUTHENTICATE)).isEqualTo("Bearer error=\"invalid_request\", error_description=\"Oops\", error_uri=\"https://example.com\"");
assertThat(getResponse().getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
}
use of org.springframework.security.oauth2.core.OAuth2Error in project spring-security by spring-projects.
the class BearerTokenServerAuthenticationEntryPointTests method commenceWhenOAuth2AuthenticationExceptionThenContainsErrorInformation.
@Test
public void commenceWhenOAuth2AuthenticationExceptionThenContainsErrorInformation() {
OAuth2Error oauthError = new OAuth2Error(OAuth2ErrorCodes.INVALID_REQUEST);
OAuth2AuthenticationException exception = new OAuth2AuthenticationException(oauthError);
this.entryPoint.commence(this.exchange, exception).block();
assertThat(getResponse().getHeaders().getFirst(HttpHeaders.WWW_AUTHENTICATE)).isEqualTo("Bearer error=\"invalid_request\"");
assertThat(getResponse().getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
}
use of org.springframework.security.oauth2.core.OAuth2Error in project spring-security by spring-projects.
the class OidcAuthorizationCodeReactiveAuthenticationManager method authenticate.
@Override
public Mono<Authentication> authenticate(Authentication authentication) {
return Mono.defer(() -> {
OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = (OAuth2AuthorizationCodeAuthenticationToken) authentication;
// value.
if (!authorizationCodeAuthentication.getAuthorizationExchange().getAuthorizationRequest().getScopes().contains("openid")) {
// and let OAuth2LoginReactiveAuthenticationManager handle it instead
return Mono.empty();
}
OAuth2AuthorizationRequest authorizationRequest = authorizationCodeAuthentication.getAuthorizationExchange().getAuthorizationRequest();
OAuth2AuthorizationResponse authorizationResponse = authorizationCodeAuthentication.getAuthorizationExchange().getAuthorizationResponse();
if (authorizationResponse.statusError()) {
return Mono.error(new OAuth2AuthenticationException(authorizationResponse.getError(), authorizationResponse.getError().toString()));
}
if (!authorizationResponse.getState().equals(authorizationRequest.getState())) {
OAuth2Error oauth2Error = new OAuth2Error(INVALID_STATE_PARAMETER_ERROR_CODE);
return Mono.error(new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString()));
}
OAuth2AuthorizationCodeGrantRequest authzRequest = new OAuth2AuthorizationCodeGrantRequest(authorizationCodeAuthentication.getClientRegistration(), authorizationCodeAuthentication.getAuthorizationExchange());
return this.accessTokenResponseClient.getTokenResponse(authzRequest).flatMap((accessTokenResponse) -> authenticationResult(authorizationCodeAuthentication, accessTokenResponse)).onErrorMap(OAuth2AuthorizationException.class, (e) -> new OAuth2AuthenticationException(e.getError(), e.getError().toString(), e)).onErrorMap(JwtException.class, (e) -> {
OAuth2Error invalidIdTokenError = new OAuth2Error(INVALID_ID_TOKEN_ERROR_CODE, e.getMessage(), null);
return new OAuth2AuthenticationException(invalidIdTokenError, invalidIdTokenError.toString(), e);
});
});
}
use of org.springframework.security.oauth2.core.OAuth2Error in project spring-security by spring-projects.
the class OidcAuthorizationCodeReactiveAuthenticationManager method authenticationResult.
private Mono<OAuth2LoginAuthenticationToken> authenticationResult(OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication, OAuth2AccessTokenResponse accessTokenResponse) {
OAuth2AccessToken accessToken = accessTokenResponse.getAccessToken();
ClientRegistration clientRegistration = authorizationCodeAuthentication.getClientRegistration();
Map<String, Object> additionalParameters = accessTokenResponse.getAdditionalParameters();
if (!additionalParameters.containsKey(OidcParameterNames.ID_TOKEN)) {
OAuth2Error invalidIdTokenError = new OAuth2Error(INVALID_ID_TOKEN_ERROR_CODE, "Missing (required) ID Token in Token Response for Client Registration: " + clientRegistration.getRegistrationId(), null);
return Mono.error(new OAuth2AuthenticationException(invalidIdTokenError, invalidIdTokenError.toString()));
}
// @formatter:off
return createOidcToken(clientRegistration, accessTokenResponse).doOnNext((idToken) -> validateNonce(authorizationCodeAuthentication, idToken)).map((idToken) -> new OidcUserRequest(clientRegistration, accessToken, idToken, additionalParameters)).flatMap(this.userService::loadUser).map((oauth2User) -> {
Collection<? extends GrantedAuthority> mappedAuthorities = this.authoritiesMapper.mapAuthorities(oauth2User.getAuthorities());
return new OAuth2LoginAuthenticationToken(authorizationCodeAuthentication.getClientRegistration(), authorizationCodeAuthentication.getAuthorizationExchange(), oauth2User, mappedAuthorities, accessToken, accessTokenResponse.getRefreshToken());
});
// @formatter:on
}
use of org.springframework.security.oauth2.core.OAuth2Error in project spring-security by spring-projects.
the class OAuth2ErrorResponseErrorHandler method readErrorFromWwwAuthenticate.
private OAuth2Error readErrorFromWwwAuthenticate(HttpHeaders headers) {
String wwwAuthenticateHeader = headers.getFirst(HttpHeaders.WWW_AUTHENTICATE);
if (!StringUtils.hasText(wwwAuthenticateHeader)) {
return null;
}
BearerTokenError bearerTokenError = getBearerToken(wwwAuthenticateHeader);
if (bearerTokenError == null) {
return new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR, null, null);
}
String errorCode = (bearerTokenError.getCode() != null) ? bearerTokenError.getCode() : OAuth2ErrorCodes.SERVER_ERROR;
String errorDescription = bearerTokenError.getDescription();
String errorUri = (bearerTokenError.getURI() != null) ? bearerTokenError.getURI().toString() : null;
return new OAuth2Error(errorCode, errorDescription, errorUri);
}
Aggregations