use of org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest in project spring-security by spring-projects.
the class OAuth2AuthorizationCodeReactiveAuthenticationManager method authenticate.
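/**
 * Validates the authorization response held by the supplied token and, when it is
 * acceptable, exchanges the authorization code for tokens.
 *
 * <p>The exchange is rejected with an {@link OAuth2AuthorizationException} before any
 * token request is sent when the response reports an error, or when its {@code state}
 * does not equal the {@code state} of the authorization request in the same exchange.
 * The {@code state} comparison is what binds the callback to a request this client
 * actually issued, so it must fail closed.
 *
 * @param authentication the authentication request; cast unconditionally to
 * {@link OAuth2AuthorizationCodeAuthenticationToken}
 * @return a {@link Mono} that emits the result of {@code onSuccess(token)} applied to
 * the token response, or terminates with an error as described above
 */
@Override
public Mono<Authentication> authenticate(Authentication authentication) {
    return Mono.defer(() -> {
        OAuth2AuthorizationCodeAuthenticationToken token = (OAuth2AuthorizationCodeAuthenticationToken) authentication;
        OAuth2AuthorizationResponse authorizationResponse = token.getAuthorizationExchange().getAuthorizationResponse();
        if (authorizationResponse.statusError()) {
            // The provider reported a failure; propagate its error unchanged.
            return Mono.error(new OAuth2AuthorizationException(authorizationResponse.getError()));
        }
        OAuth2AuthorizationRequest authorizationRequest = token.getAuthorizationExchange().getAuthorizationRequest();
        // A response that carries no state is treated as a mismatch, so it is reported
        // with the same invalid-state error instead of a NullPointerException from
        // equals(). NOTE(review): whether getState() can return null is not visible
        // here; the guard keeps the check fail-closed either way.
        String responseState = authorizationResponse.getState();
        if (responseState == null || !responseState.equals(authorizationRequest.getState())) {
            OAuth2Error oauth2Error = new OAuth2Error(INVALID_STATE_PARAMETER_ERROR_CODE);
            return Mono.error(new OAuth2AuthorizationException(oauth2Error));
        }
        // Only a response that passed both checks reaches the token endpoint.
        OAuth2AuthorizationCodeGrantRequest authzRequest = new OAuth2AuthorizationCodeGrantRequest(
                token.getClientRegistration(), token.getAuthorizationExchange());
        return this.accessTokenResponseClient.getTokenResponse(authzRequest).map(onSuccess(token));
    });
}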
use of org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest in project spring-security by spring-projects.
the class OAuth2LoginAuthenticationFilterTests method doFilterWhenAuthorizationResponseHasNonDefaultPortThenRedirectUriMatchingIncludesPort.
// gh-5890
/**
 * Sends an authorization callback to {@code https://example.com:9090} and checks that
 * the redirect URI recorded on both the authorization request and the authorization
 * response of the captured token includes the non-default port.
 */
@Test
public void doFilterWhenAuthorizationResponseHasNonDefaultPortThenRedirectUriMatchingIncludesPort() throws Exception {
    final String state = "state";
    final String callbackPath = "/login/oauth2/code/" + this.registration2.getRegistrationId();

    // Callback as it would arrive on a non-default HTTPS port.
    MockHttpServletRequest callback = new MockHttpServletRequest("GET", callbackPath);
    callback.setScheme("https");
    callback.setServerName("example.com");
    callback.setServerPort(9090);
    callback.setServletPath(callbackPath);
    callback.addParameter(OAuth2ParameterNames.CODE, "code");
    callback.addParameter(OAuth2ParameterNames.STATE, state);

    MockHttpServletResponse servletResponse = new MockHttpServletResponse();
    FilterChain chain = mock(FilterChain.class);
    this.setUpAuthorizationRequest(callback, servletResponse, this.registration2, state);
    this.setUpAuthenticationResult(this.registration2);

    this.filter.doFilter(callback, servletResponse, chain);

    // Inspect the token the filter handed to the authentication manager.
    ArgumentCaptor<Authentication> tokenCaptor = ArgumentCaptor.forClass(Authentication.class);
    verify(this.authenticationManager).authenticate(tokenCaptor.capture());
    OAuth2LoginAuthenticationToken captured = (OAuth2LoginAuthenticationToken) tokenCaptor.getValue();
    OAuth2AuthorizationRequest capturedRequest = captured.getAuthorizationExchange().getAuthorizationRequest();
    OAuth2AuthorizationResponse capturedResponse = captured.getAuthorizationExchange().getAuthorizationResponse();

    // Both sides of the exchange must carry the port; dropping it on either side
    // would make the two redirect URIs disagree.
    final String redirectUriWithPort = "https://example.com:9090/login/oauth2/code/registration-id-2";
    assertThat(capturedRequest.getRedirectUri()).isEqualTo(redirectUriWithPort);
    assertThat(capturedResponse.getRedirectUri()).isEqualTo(redirectUriWithPort);
}
use of org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest in project spring-security by spring-projects.
the class WebSessionOAuth2ServerAuthorizationRequestRepositoryAllowMultipleAuthorizationRequestsTests method loadAuthorizationRequestWhenSavedWithAllowMultipleAuthorizationRequestsThenReturnOldAuthorizationRequest.
// gh-5145
/**
 * Stores two authorization requests through a repository configured with
 * {@code allowMultipleAuthorizationRequests=true}, then verifies that the repository
 * under test returns the first of them when the callback carries its {@code state}.
 */
@Test
public void loadAuthorizationRequestWhenSavedWithAllowMultipleAuthorizationRequestsThenReturnOldAuthorizationRequest() {
    // Writer in legacy mode; the reader is this.repository.
    WebSessionOAuth2ServerAuthorizationRequestRepository legacyRepository = new WebSessionOAuth2ServerAuthorizationRequestRepository();
    legacyRepository.setAllowMultipleAuthorizationRequests(true);
    // @formatter:off
    String firstState = "state-1122";
    OAuth2AuthorizationRequest firstRequest = OAuth2AuthorizationRequest.authorizationCode()
            .authorizationUri("https://example.com/oauth2/authorize")
            .clientId("client-id")
            .redirectUri("http://localhost/client-1")
            .state(firstState)
            .build();
    StepVerifier.create(legacyRepository.saveAuthorizationRequest(firstRequest, this.exchange))
            .verifyComplete();

    String secondState = "state-3344";
    OAuth2AuthorizationRequest secondRequest = OAuth2AuthorizationRequest.authorizationCode()
            .authorizationUri("https://example.com/oauth2/authorize")
            .clientId("client-id")
            .redirectUri("http://localhost/client-1")
            .state(secondState)
            .build();
    StepVerifier.create(legacyRepository.saveAuthorizationRequest(secondRequest, this.exchange))
            .verifyComplete();

    // The lookup is keyed by the state query parameter of the incoming request.
    ServerHttpRequest callback = MockServerHttpRequest.get("/")
            .queryParam(OAuth2ParameterNames.STATE, firstState)
            .build();
    ServerWebExchange callbackExchange = this.exchange.mutate().request(callback).build();
    StepVerifier.create(this.repository.loadAuthorizationRequest(callbackExchange))
            .expectNext(firstRequest)
            .verifyComplete();
    // @formatter:on
}
use of org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest in project spring-security by spring-projects.
the class WebSessionOAuth2ServerAuthorizationRequestRepositoryAllowMultipleAuthorizationRequestsTests method saveAuthorizationRequestWhenSavedWithAllowMultipleAuthorizationRequestsThenLoadNewAuthorizationRequest.
// gh-5145
/**
 * Stores two authorization requests through a repository configured with
 * {@code allowMultipleAuthorizationRequests=true}, then saves a third through the
 * repository under test and verifies that loading by the third request's
 * {@code state} returns that third request.
 */
@Test
public void saveAuthorizationRequestWhenSavedWithAllowMultipleAuthorizationRequestsThenLoadNewAuthorizationRequest() {
    // Writer in legacy mode for the first two requests; this.repository handles the third.
    WebSessionOAuth2ServerAuthorizationRequestRepository legacyRepository = new WebSessionOAuth2ServerAuthorizationRequestRepository();
    legacyRepository.setAllowMultipleAuthorizationRequests(true);
    // @formatter:off
    String firstState = "state-1122";
    OAuth2AuthorizationRequest firstRequest = OAuth2AuthorizationRequest.authorizationCode()
            .authorizationUri("https://example.com/oauth2/authorize")
            .clientId("client-id")
            .redirectUri("http://localhost/client-1")
            .state(firstState)
            .build();
    StepVerifier.create(legacyRepository.saveAuthorizationRequest(firstRequest, this.exchange))
            .verifyComplete();

    String secondState = "state-3344";
    OAuth2AuthorizationRequest secondRequest = OAuth2AuthorizationRequest.authorizationCode()
            .authorizationUri("https://example.com/oauth2/authorize")
            .clientId("client-id")
            .redirectUri("http://localhost/client-1")
            .state(secondState)
            .build();
    StepVerifier.create(legacyRepository.saveAuthorizationRequest(secondRequest, this.exchange))
            .verifyComplete();

    String thirdState = "state-5566";
    OAuth2AuthorizationRequest thirdRequest = OAuth2AuthorizationRequest.authorizationCode()
            .authorizationUri("https://example.com/oauth2/authorize")
            .clientId("client-id")
            .redirectUri("http://localhost/client-1")
            .state(thirdState)
            .build();

    // The callback names the third request's state.
    ServerHttpRequest callback = MockServerHttpRequest.get("/")
            .queryParam(OAuth2ParameterNames.STATE, thirdState)
            .build();
    ServerWebExchange callbackExchange = this.exchange.mutate().request(callback).build();
    Mono<OAuth2AuthorizationRequest> savedThenLoaded = this.repository
            .saveAuthorizationRequest(thirdRequest, this.exchange)
            .then(this.repository.loadAuthorizationRequest(callbackExchange));
    StepVerifier.create(savedThenLoaded)
            .expectNext(thirdRequest)
            .verifyComplete();
    // @formatter:on
}
use of org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest in project spring-security by spring-projects.
the class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests method removeAuthorizationRequestWhenStateMissingThenNoErrors.
// gh-5599
/**
 * Saves the fixture authorization request, then asks the repository to remove using
 * an exchange whose {@code state} parameter is {@code "other"}. The combined pipeline
 * must complete without emitting a request and without an error.
 */
@Test
public void removeAuthorizationRequestWhenStateMissingThenNoErrors() {
    // @formatter:off
    // Callback whose state is not the one used for the save below.
    MockServerHttpRequest unrelatedCallback = MockServerHttpRequest.get("/")
            .queryParam(OAuth2ParameterNames.STATE, "other")
            .build();
    ServerWebExchange unrelatedExchange = this.exchange.mutate().request(unrelatedCallback).build();
    Mono<OAuth2AuthorizationRequest> savedThenRemoved = this.repository
            .saveAuthorizationRequest(this.authorizationRequest, this.exchange)
            .then(this.repository.removeAuthorizationRequest(unrelatedExchange));
    // verifyComplete() with no expectNext: nothing may be emitted for the unknown state.
    StepVerifier.create(savedThenRemoved)
            .verifyComplete();
    // @formatter:on
}