Example 1 with OAuth2TokenClaimAccessor

Use of org.springframework.security.oauth2.core.OAuth2TokenClaimAccessor in project spring-authorization-server by spring-projects.

From the class OAuth2TokenIntrospectionAuthenticationProvider, method withActiveTokenClaims.

// Builds the introspection response (RFC 7662) for a token that is still active.
// Every claim is taken from the stored authorization, never from the introspection request.
private static OAuth2TokenIntrospection withActiveTokenClaims(OAuth2Authorization.Token<AbstractOAuth2Token> authorizedToken, RegisteredClient authorizedClient) {
    // "active": true, plus the client the token was originally issued to
    OAuth2TokenIntrospection.Builder tokenClaims = OAuth2TokenIntrospection.builder(true).clientId(authorizedClient.getClientId());
    // TODO Set "username"
    AbstractOAuth2Token token = authorizedToken.getToken();
    if (token.getIssuedAt() != null) {
        tokenClaims.issuedAt(token.getIssuedAt());
    }
    if (token.getExpiresAt() != null) {
        tokenClaims.expiresAt(token.getExpiresAt());
    }
    // Only access tokens carry scopes, a token type and a stored claim set
    if (OAuth2AccessToken.class.isAssignableFrom(token.getClass())) {
        OAuth2AccessToken accessToken = (OAuth2AccessToken) token;
        tokenClaims.scopes(scopes -> scopes.addAll(accessToken.getScopes()));
        tokenClaims.tokenType(accessToken.getTokenType().getValue());
        if (!CollectionUtils.isEmpty(authorizedToken.getClaims())) {
            // Read the stored claims map through the typed OAuth2TokenClaimAccessor view
            OAuth2TokenClaimAccessor accessTokenClaims = authorizedToken::getClaims;
            Instant notBefore = accessTokenClaims.getNotBefore();
            if (notBefore != null) {
                tokenClaims.notBefore(notBefore);
            }
            tokenClaims.subject(accessTokenClaims.getSubject());
            List<String> audience = accessTokenClaims.getAudience();
            if (!CollectionUtils.isEmpty(audience)) {
                tokenClaims.audiences(audiences -> audiences.addAll(audience));
            }
            // "iss" is stored as a URL; the response carries its string form
            URL issuer = accessTokenClaims.getIssuer();
            if (issuer != null) {
                tokenClaims.issuer(issuer.toExternalForm());
            }
            // "jti" is optional and only copied when present and non-blank
            String jti = accessTokenClaims.getId();
            if (StringUtils.hasText(jti)) {
                tokenClaims.id(jti);
            }
        }
    }
    return tokenClaims.build();
}
Also used:
OAuth2TokenIntrospection (org.springframework.security.oauth2.core.OAuth2TokenIntrospection)
OAuth2AccessToken (org.springframework.security.oauth2.core.OAuth2AccessToken)
OAuth2TokenClaimAccessor (org.springframework.security.oauth2.core.OAuth2TokenClaimAccessor)
Instant (java.time.Instant)
AbstractOAuth2Token (org.springframework.security.oauth2.core.AbstractOAuth2Token)
URL (java.net.URL)

Example 2 with OAuth2TokenClaimAccessor

Use of org.springframework.security.oauth2.core.OAuth2TokenClaimAccessor in project spring-authorization-server by spring-projects.

From the class OAuth2AccessTokenGeneratorTests, method generateWhenReferenceAccessTokenTypeThenReturnAccessToken.

@Test
public void generateWhenReferenceAccessTokenTypeThenReturnAccessToken() {
    // Client configured to receive opaque (reference) access tokens rather than JWTs
    // @formatter:off
    TokenSettings tokenSettings = TokenSettings.builder()
            .accessTokenFormat(OAuth2TokenFormat.REFERENCE)
            .build();
    RegisteredClient registeredClient = TestRegisteredClients.registeredClient()
            .tokenSettings(tokenSettings)
            .build();
    // @formatter:on
    OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build();
    Authentication principal = authorization.getAttribute(Principal.class.getName());
    OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
            registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret());
    OAuth2AuthorizationRequest authorizationRequest = authorization.getAttribute(OAuth2AuthorizationRequest.class.getName());
    OAuth2AuthorizationCodeAuthenticationToken authentication = new OAuth2AuthorizationCodeAuthenticationToken(
            "code", clientPrincipal, authorizationRequest.getRedirectUri(), null);
    // @formatter:off
    OAuth2TokenContext tokenContext = DefaultOAuth2TokenContext.builder()
            .registeredClient(registeredClient)
            .principal(principal)
            .providerContext(this.providerContext)
            .authorization(authorization)
            .authorizedScopes(authorization.getAttribute(OAuth2Authorization.AUTHORIZED_SCOPE_ATTRIBUTE_NAME))
            .tokenType(OAuth2TokenType.ACCESS_TOKEN)
            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
            .authorizationGrant(authentication)
            .build();
    // @formatter:on
    OAuth2AccessToken accessToken = this.accessTokenGenerator.generate(tokenContext);
    assertThat(accessToken).isNotNull();
    // Timestamps are compared with a one-second tolerance around "now"
    Instant issuedAt = Instant.now();
    Instant expiresAt = issuedAt.plus(tokenContext.getRegisteredClient().getTokenSettings().getAccessTokenTimeToLive());
    assertThat(accessToken.getIssuedAt()).isBetween(issuedAt.minusSeconds(1), issuedAt.plusSeconds(1));
    assertThat(accessToken.getExpiresAt()).isBetween(expiresAt.minusSeconds(1), expiresAt.plusSeconds(1));
    assertThat(accessToken.getScopes()).isEqualTo(tokenContext.getAuthorizedScopes());
    // A reference token still carries a claim set; read it through the OAuth2TokenClaimAccessor view
    assertThat(accessToken).isInstanceOf(ClaimAccessor.class);
    OAuth2TokenClaimAccessor accessTokenClaims = ((ClaimAccessor) accessToken)::getClaims;
    assertThat(accessTokenClaims.getClaims()).isNotEmpty();
    assertThat(accessTokenClaims.getIssuer().toExternalForm()).isEqualTo(tokenContext.getProviderContext().getIssuer());
    assertThat(accessTokenClaims.getSubject()).isEqualTo(tokenContext.getPrincipal().getName());
    assertThat(accessTokenClaims.getAudience()).isEqualTo(Collections.singletonList(tokenContext.getRegisteredClient().getClientId()));
    assertThat(accessTokenClaims.getIssuedAt()).isBetween(issuedAt.minusSeconds(1), issuedAt.plusSeconds(1));
    assertThat(accessTokenClaims.getExpiresAt()).isBetween(expiresAt.minusSeconds(1), expiresAt.plusSeconds(1));
    assertThat(accessTokenClaims.getNotBefore()).isBetween(issuedAt.minusSeconds(1), issuedAt.plusSeconds(1));
    assertThat(accessTokenClaims.getId()).isNotNull();
    Set<String> scopes = accessTokenClaims.getClaim(OAuth2ParameterNames.SCOPE);
    assertThat(scopes).isEqualTo(tokenContext.getAuthorizedScopes());
    // The claims customizer must have been invoked once with the complete token context
    ArgumentCaptor<OAuth2TokenClaimsContext> tokenClaimsContextCaptor = ArgumentCaptor.forClass(OAuth2TokenClaimsContext.class);
    verify(this.accessTokenCustomizer).customize(tokenClaimsContextCaptor.capture());
    OAuth2TokenClaimsContext tokenClaimsContext = tokenClaimsContextCaptor.getValue();
    assertThat(tokenClaimsContext.getClaims()).isNotNull();
    assertThat(tokenClaimsContext.getRegisteredClient()).isEqualTo(tokenContext.getRegisteredClient());
    assertThat(tokenClaimsContext.<Authentication>getPrincipal()).isEqualTo(tokenContext.getPrincipal());
    assertThat(tokenClaimsContext.getProviderContext()).isEqualTo(tokenContext.getProviderContext());
    assertThat(tokenClaimsContext.getAuthorization()).isEqualTo(tokenContext.getAuthorization());
    assertThat(tokenClaimsContext.getAuthorizedScopes()).isEqualTo(tokenContext.getAuthorizedScopes());
    assertThat(tokenClaimsContext.getTokenType()).isEqualTo(tokenContext.getTokenType());
    assertThat(tokenClaimsContext.getAuthorizationGrantType()).isEqualTo(tokenContext.getAuthorizationGrantType());
    assertThat(tokenClaimsContext.<Authentication>getAuthorizationGrant()).isEqualTo(tokenContext.getAuthorizationGrant());
}
Also used:
TokenSettings (org.springframework.security.oauth2.server.authorization.config.TokenSettings)
Instant (java.time.Instant)
OAuth2AuthorizationCodeAuthenticationToken (org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeAuthenticationToken)
RegisteredClient (org.springframework.security.oauth2.server.authorization.client.RegisteredClient)
OAuth2TokenClaimAccessor (org.springframework.security.oauth2.core.OAuth2TokenClaimAccessor)
ClaimAccessor (org.springframework.security.oauth2.core.ClaimAccessor)
Authentication (org.springframework.security.core.Authentication)
OAuth2AccessToken (org.springframework.security.oauth2.core.OAuth2AccessToken)
OAuth2ClientAuthenticationToken (org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken)
OAuth2AuthorizationRequest (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest)
Principal (java.security.Principal)
Test (org.junit.Test)