Search in sources :

Example 96 with OAuth2AuthorizationRequest

use of org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest in project spring-security by spring-projects.

the class NimbusAuthorizationCodeTokenResponseClientTests method getTokenResponseWhenSuccessResponseDoesNotIncludeScopeThenReturnAccessTokenResponseUsingRequestedScope.

@Test
public void getTokenResponseWhenSuccessResponseDoesNotIncludeScopeThenReturnAccessTokenResponseUsingRequestedScope() throws Exception {
    MockWebServer server = new MockWebServer();
    // @formatter:off
    String accessTokenSuccessResponse = "{\n" + "   \"access_token\": \"access-token-1234\",\n" + "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\"\n" + "}\n";
    // @formatter:on
    server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE).setBody(accessTokenSuccessResponse));
    server.start();
    String tokenUri = server.url("/oauth2/token").toString();
    this.clientRegistrationBuilder.tokenUri(tokenUri);
    OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request().scope("openid", "profile", "email", "address").build();
    OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest, this.authorizationResponse);
    OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest(this.clientRegistrationBuilder.build(), authorizationExchange));
    server.shutdown();
    assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("openid", "profile", "email", "address");
}
Also used : OAuth2AccessTokenResponse(org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse) MockResponse(okhttp3.mockwebserver.MockResponse) OAuth2AuthorizationExchange(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange) MockWebServer(okhttp3.mockwebserver.MockWebServer) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) Test(org.junit.jupiter.api.Test)

Example 97 with OAuth2AuthorizationRequest

use of org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest in project spring-security by spring-projects.

the class NimbusAuthorizationCodeTokenResponseClientTests method getTokenResponseWhenRedirectUriMalformedThenThrowIllegalArgumentException.

@Test
public void getTokenResponseWhenRedirectUriMalformedThenThrowIllegalArgumentException() {
    String redirectUri = "http:\\example.com";
    OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request().redirectUri(redirectUri).build();
    OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest, this.authorizationResponse);
    assertThatIllegalArgumentException().isThrownBy(() -> this.tokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest(this.clientRegistrationBuilder.build(), authorizationExchange)));
}
Also used : OAuth2AuthorizationExchange(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) Test(org.junit.jupiter.api.Test)

Example 98 with OAuth2AuthorizationRequest

use of org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest in project spring-security by spring-projects.

the class NimbusAuthorizationCodeTokenResponseClientTests method getTokenResponseWhenSuccessResponseIncludesScopeThenReturnAccessTokenResponseUsingResponseScope.

@Test
public void getTokenResponseWhenSuccessResponseIncludesScopeThenReturnAccessTokenResponseUsingResponseScope() throws Exception {
    MockWebServer server = new MockWebServer();
    // @formatter:off
    String accessTokenSuccessResponse = "{\n" + "   \"access_token\": \"access-token-1234\",\n" + "   \"token_type\": \"bearer\",\n" + "   \"expires_in\": \"3600\",\n" + "   \"scope\": \"openid profile\"\n" + "}\n";
    // @formatter:on
    server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE).setBody(accessTokenSuccessResponse));
    server.start();
    String tokenUri = server.url("/oauth2/token").toString();
    this.clientRegistrationBuilder.tokenUri(tokenUri);
    OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request().scope("openid", "profile", "email", "address").build();
    OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest, this.authorizationResponse);
    OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest(this.clientRegistrationBuilder.build(), authorizationExchange));
    server.shutdown();
    assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("openid", "profile");
}
Also used : OAuth2AccessTokenResponse(org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse) MockResponse(okhttp3.mockwebserver.MockResponse) OAuth2AuthorizationExchange(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange) MockWebServer(okhttp3.mockwebserver.MockWebServer) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) Test(org.junit.jupiter.api.Test)

Example 99 with OAuth2AuthorizationRequest

use of org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest in project spring-security by spring-projects.

the class OAuth2AuthorizationCodeGrantWebFilterTests method filterWhenAuthorizationRequestRedirectUriParametersNotMatchThenNotProcessed.

// gh-7966
@Test
public void filterWhenAuthorizationRequestRedirectUriParametersNotMatchThenNotProcessed() {
    String requestUri = "/authorization/callback";
    Map<String, String> parameters = new LinkedHashMap<>();
    parameters.put("param1", "value1");
    parameters.put("param2", "value2");
    MockServerHttpRequest authorizationRequest = createAuthorizationRequest(requestUri, parameters);
    ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
    OAuth2AuthorizationRequest oauth2AuthorizationRequest = createOAuth2AuthorizationRequest(authorizationRequest, clientRegistration);
    given(this.authorizationRequestRepository.loadAuthorizationRequest(any())).willReturn(Mono.just(oauth2AuthorizationRequest));
    // 1) Parameter value
    Map<String, String> parametersNotMatch = new LinkedHashMap<>(parameters);
    parametersNotMatch.put("param2", "value8");
    MockServerHttpRequest authorizationResponse = createAuthorizationResponse(createAuthorizationRequest(requestUri, parametersNotMatch));
    MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse);
    DefaultWebFilterChain chain = new DefaultWebFilterChain((e) -> e.getResponse().setComplete(), Collections.emptyList());
    this.filter.filter(exchange, chain).block();
    verifyNoInteractions(this.authenticationManager);
    // 2) Parameter order
    parametersNotMatch = new LinkedHashMap<>();
    parametersNotMatch.put("param2", "value2");
    parametersNotMatch.put("param1", "value1");
    authorizationResponse = createAuthorizationResponse(createAuthorizationRequest(requestUri, parametersNotMatch));
    exchange = MockServerWebExchange.from(authorizationResponse);
    this.filter.filter(exchange, chain).block();
    verifyNoInteractions(this.authenticationManager);
    // 3) Parameter missing
    parametersNotMatch = new LinkedHashMap<>(parameters);
    parametersNotMatch.remove("param2");
    authorizationResponse = createAuthorizationResponse(createAuthorizationRequest(requestUri, parametersNotMatch));
    exchange = MockServerWebExchange.from(authorizationResponse);
    this.filter.filter(exchange, chain).block();
    verifyNoInteractions(this.authenticationManager);
}
Also used : ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration) MockServerHttpRequest(org.springframework.mock.http.server.reactive.MockServerHttpRequest) MockServerWebExchange(org.springframework.mock.web.server.MockServerWebExchange) DefaultWebFilterChain(org.springframework.web.server.handler.DefaultWebFilterChain) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) LinkedHashMap(java.util.LinkedHashMap) Test(org.junit.jupiter.api.Test)

Example 100 with OAuth2AuthorizationRequest

use of org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest in project spring-security by spring-projects.

the class OAuth2AuthorizationCodeGrantWebFilterTests method filterWhenAuthorizationSucceedsAndRequestCacheConfiguredThenRequestCacheUsed.

@Test
public void filterWhenAuthorizationSucceedsAndRequestCacheConfiguredThenRequestCacheUsed() {
    ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
    given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.just(clientRegistration));
    given(this.authorizedClientRepository.saveAuthorizedClient(any(), any(), any())).willReturn(Mono.empty());
    given(this.authenticationManager.authenticate(any())).willReturn(Mono.just(TestOAuth2AuthorizationCodeAuthenticationTokens.authenticated()));
    MockServerHttpRequest authorizationRequest = createAuthorizationRequest("/authorization/callback");
    OAuth2AuthorizationRequest oauth2AuthorizationRequest = createOAuth2AuthorizationRequest(authorizationRequest, clientRegistration);
    given(this.authorizationRequestRepository.loadAuthorizationRequest(any())).willReturn(Mono.just(oauth2AuthorizationRequest));
    given(this.authorizationRequestRepository.removeAuthorizationRequest(any())).willReturn(Mono.just(oauth2AuthorizationRequest));
    MockServerHttpRequest authorizationResponse = createAuthorizationResponse(authorizationRequest);
    MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse);
    DefaultWebFilterChain chain = new DefaultWebFilterChain((e) -> e.getResponse().setComplete(), Collections.emptyList());
    ServerRequestCache requestCache = mock(ServerRequestCache.class);
    given(requestCache.getRedirectUri(any(ServerWebExchange.class))).willReturn(Mono.just(URI.create("/saved-request")));
    this.filter.setRequestCache(requestCache);
    this.filter.filter(exchange, chain).block();
    verify(requestCache).getRedirectUri(exchange);
    assertThat(exchange.getResponse().getHeaders().getLocation().toString()).isEqualTo("/saved-request");
}
Also used : ServerWebExchange(org.springframework.web.server.ServerWebExchange) MockServerWebExchange(org.springframework.mock.web.server.MockServerWebExchange) ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration) MockServerHttpRequest(org.springframework.mock.http.server.reactive.MockServerHttpRequest) MockServerWebExchange(org.springframework.mock.web.server.MockServerWebExchange) DefaultWebFilterChain(org.springframework.web.server.handler.DefaultWebFilterChain) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) ServerRequestCache(org.springframework.security.web.server.savedrequest.ServerRequestCache) Test(org.junit.jupiter.api.Test)

Aggregations

OAuth2AuthorizationRequest (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest)137 Test (org.junit.jupiter.api.Test)112 ClientRegistration (org.springframework.security.oauth2.client.registration.ClientRegistration)52 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)49 HashMap (java.util.HashMap)26 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)25 OAuth2AuthorizationResponse (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse)24 OAuth2AuthorizationExchange (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange)22 Authentication (org.springframework.security.core.Authentication)19 MockServerHttpRequest (org.springframework.mock.http.server.reactive.MockServerHttpRequest)18 OAuth2AccessTokenResponse (org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse)17 ServerWebExchange (org.springframework.web.server.ServerWebExchange)13 OAuth2ParameterNames (org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames)12 MockServerWebExchange (org.springframework.mock.web.server.MockServerWebExchange)11 OAuth2Error (org.springframework.security.oauth2.core.OAuth2Error)11 BeforeEach (org.junit.jupiter.api.BeforeEach)10 HttpRequestResponseHolder (org.springframework.security.web.context.HttpRequestResponseHolder)10 LinkedMultiValueMap (org.springframework.util.LinkedMultiValueMap)10 Map (java.util.Map)9 Mono (reactor.core.publisher.Mono)9