Examples with OAuth2AuthorizationResponse org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse used on opensource projects

Example 16 with OAuth2AuthorizationResponse

use of org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse in project midpoint by Evolveum.

the class OidcLoginAuthenticationFilter method attemptAuthentication.

public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
    MultiValueMap<String, String> params = toMultiMap(request.getParameterMap());
    if (!isAuthorizationResponse(params)) {
        OAuth2Error oauth2Error = new OAuth2Error(INVALID_REQUEST_ERROR_CODE);
        throw new OAuth2AuthenticationException(oauth2Error, "web.security.provider.invalid");
    } else {
        OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestRepository.removeAuthorizationRequest(request, response);
        if (authorizationRequest == null) {
            OAuth2Error oauth2Error = new OAuth2Error(AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE);
            throw new OAuth2AuthenticationException(oauth2Error, "web.security.provider.invalid");
        } else {
            String registrationId = authorizationRequest.getAttribute("registration_id");
            ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId(registrationId);
            if (clientRegistration == null) {
                OAuth2Error oauth2Error = new OAuth2Error(CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE, "Client Registration not found with Id: " + registrationId, null);
                throw new OAuth2AuthenticationException(oauth2Error, "web.security.provider.invalid");
            } else {
                String redirectUri = UriComponentsBuilder.fromHttpUrl(UrlUtils.buildFullRequestUrl(request)).replaceQuery(null).build().toUriString();
                OAuth2AuthorizationResponse authorizationResponse = convert(params, redirectUri);
                OAuth2LoginAuthenticationToken authenticationRequest = new OAuth2LoginAuthenticationToken(clientRegistration, new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse));
                MidpointAuthentication authenticationResult = (MidpointAuthentication) this.getAuthenticationManager().authenticate(authenticationRequest);
                Assert.notNull(authenticationResult, "authentication result cannot be null");
                return authenticationResult;
            }
        }
    }
}

Example 17 with OAuth2AuthorizationResponse

use of org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse in project spring-security by spring-projects.

the class OAuth2LoginTests method oauth2LoginWhenCustomBeansThenUsed.

@Test
public void oauth2LoginWhenCustomBeansThenUsed() {
    this.spring.register(OAuth2LoginWithMultipleClientRegistrations.class, OAuth2LoginWithCustomBeansConfig.class).autowire();
    // @formatter:off
    WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
    // @formatter:on
    OAuth2LoginWithCustomBeansConfig config = this.spring.getContext().getBean(OAuth2LoginWithCustomBeansConfig.class);
    OAuth2AuthorizationRequest request = TestOAuth2AuthorizationRequests.request().scope("openid").build();
    OAuth2AuthorizationResponse response = TestOAuth2AuthorizationResponses.success().build();
    OAuth2AuthorizationExchange exchange = new OAuth2AuthorizationExchange(request, response);
    OAuth2AccessToken accessToken = TestOAuth2AccessTokens.scopes("openid");
    OAuth2AuthorizationCodeAuthenticationToken token = new OAuth2AuthorizationCodeAuthenticationToken(google, exchange, accessToken);
    ServerAuthenticationConverter converter = config.authenticationConverter;
    given(converter.convert(any())).willReturn(Mono.just(token));
    ServerSecurityContextRepository securityContextRepository = config.securityContextRepository;
    given(securityContextRepository.save(any(), any())).willReturn(Mono.empty());
    given(securityContextRepository.load(any())).willReturn(authentication(token));
    Map<String, Object> additionalParameters = new HashMap<>();
    additionalParameters.put(OidcParameterNames.ID_TOKEN, "id-token");
    // @formatter:off
    OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken(accessToken.getTokenValue()).tokenType(accessToken.getTokenType()).scopes(accessToken.getScopes()).additionalParameters(additionalParameters).build();
    // @formatter:on
    ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> tokenResponseClient = config.tokenResponseClient;
    given(tokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
    OidcUser user = TestOidcUsers.create();
    ReactiveOAuth2UserService<OidcUserRequest, OidcUser> userService = config.userService;
    given(userService.loadUser(any())).willReturn(Mono.just(user));
    // @formatter:off
    webTestClient.get().uri("/login/oauth2/code/google").exchange().expectStatus().is3xxRedirection();
    // @formatter:on
    verify(config.jwtDecoderFactory).createDecoder(any());
    verify(tokenResponseClient).getTokenResponse(any());
    verify(securityContextRepository).save(any(), any());
}

Example 18 with OAuth2AuthorizationResponse

use of org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse in project spring-security by spring-projects.

the class OAuth2LoginTests method oauth2LoginWhenAccessTokenRequestFailsThenDefaultRedirectToLogin.

// gh-5562
@Test
public void oauth2LoginWhenAccessTokenRequestFailsThenDefaultRedirectToLogin() {
    this.spring.register(OAuth2LoginWithMultipleClientRegistrations.class, OAuth2LoginWithCustomBeansConfig.class).autowire();
    // @formatter:off
    WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
    OAuth2AuthorizationRequest request = TestOAuth2AuthorizationRequests.request().scope("openid").build();
    // @formatter:on
    OAuth2AuthorizationResponse response = TestOAuth2AuthorizationResponses.success().build();
    OAuth2AuthorizationExchange exchange = new OAuth2AuthorizationExchange(request, response);
    OAuth2AccessToken accessToken = TestOAuth2AccessTokens.scopes("openid");
    OAuth2AuthorizationCodeAuthenticationToken authenticationToken = new OAuth2AuthorizationCodeAuthenticationToken(google, exchange, accessToken);
    OAuth2LoginWithCustomBeansConfig config = this.spring.getContext().getBean(OAuth2LoginWithCustomBeansConfig.class);
    ServerAuthenticationConverter converter = config.authenticationConverter;
    given(converter.convert(any())).willReturn(Mono.just(authenticationToken));
    ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> tokenResponseClient = config.tokenResponseClient;
    OAuth2Error oauth2Error = new OAuth2Error("invalid_request", "Invalid request", null);
    given(tokenResponseClient.getTokenResponse(any())).willThrow(new OAuth2AuthenticationException(oauth2Error));
    // @formatter:off
    webTestClient.get().uri("/login/oauth2/code/google").exchange().expectStatus().is3xxRedirection().expectHeader().valueEquals("Location", "/login?error");
// @formatter:on
}

Example 19 with OAuth2AuthorizationResponse

use of org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse in project spring-security by spring-projects.

the class OAuth2ClientSpecTests method oauth2ClientWhenCustomObjectsThenUsed.

@Test
public void oauth2ClientWhenCustomObjectsThenUsed() {
    this.spring.register(ClientRegistrationConfig.class, OAuth2ClientCustomConfig.class, AuthorizedClientController.class).autowire();
    OAuth2ClientCustomConfig config = this.spring.getContext().getBean(OAuth2ClientCustomConfig.class);
    ServerAuthenticationConverter converter = config.authenticationConverter;
    ReactiveAuthenticationManager manager = config.manager;
    ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = config.authorizationRequestRepository;
    ServerRequestCache requestCache = config.requestCache;
    OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request().redirectUri("/authorize/oauth2/code/registration-id").build();
    OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.success().redirectUri("/authorize/oauth2/code/registration-id").build();
    OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse);
    OAuth2AccessToken accessToken = TestOAuth2AccessTokens.noScopes();
    OAuth2AuthorizationCodeAuthenticationToken result = new OAuth2AuthorizationCodeAuthenticationToken(this.registration, authorizationExchange, accessToken);
    given(authorizationRequestRepository.loadAuthorizationRequest(any())).willReturn(Mono.just(authorizationRequest));
    given(converter.convert(any())).willReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c")));
    given(manager.authenticate(any())).willReturn(Mono.just(result));
    given(requestCache.getRedirectUri(any())).willReturn(Mono.just(URI.create("/saved-request")));
    // @formatter:off
    this.client.get().uri((uriBuilder) -> uriBuilder.path("/authorize/oauth2/code/registration-id").queryParam(OAuth2ParameterNames.CODE, "code").queryParam(OAuth2ParameterNames.STATE, "state").build()).exchange().expectStatus().is3xxRedirection();
    // @formatter:on
    verify(converter).convert(any());
    verify(manager).authenticate(any());
    verify(requestCache).getRedirectUri(any());
}

Example 20 with OAuth2AuthorizationResponse

use of org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse in project spring-security by spring-projects.

the class OAuth2ClientSpecTests method oauth2ClientWhenCustomObjectsInLambdaThenUsed.

@Test
public void oauth2ClientWhenCustomObjectsInLambdaThenUsed() {
    this.spring.register(ClientRegistrationConfig.class, OAuth2ClientInLambdaCustomConfig.class, AuthorizedClientController.class).autowire();
    OAuth2ClientInLambdaCustomConfig config = this.spring.getContext().getBean(OAuth2ClientInLambdaCustomConfig.class);
    ServerAuthenticationConverter converter = config.authenticationConverter;
    ReactiveAuthenticationManager manager = config.manager;
    ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = config.authorizationRequestRepository;
    ServerRequestCache requestCache = config.requestCache;
    OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request().redirectUri("/authorize/oauth2/code/registration-id").build();
    OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.success().redirectUri("/authorize/oauth2/code/registration-id").build();
    OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse);
    OAuth2AccessToken accessToken = TestOAuth2AccessTokens.noScopes();
    OAuth2AuthorizationCodeAuthenticationToken result = new OAuth2AuthorizationCodeAuthenticationToken(this.registration, authorizationExchange, accessToken);
    given(authorizationRequestRepository.loadAuthorizationRequest(any())).willReturn(Mono.just(authorizationRequest));
    given(converter.convert(any())).willReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c")));
    given(manager.authenticate(any())).willReturn(Mono.just(result));
    given(requestCache.getRedirectUri(any())).willReturn(Mono.just(URI.create("/saved-request")));
    // @formatter:off
    this.client.get().uri((uriBuilder) -> uriBuilder.path("/authorize/oauth2/code/registration-id").queryParam(OAuth2ParameterNames.CODE, "code").queryParam(OAuth2ParameterNames.STATE, "state").build()).exchange().expectStatus().is3xxRedirection();
    // @formatter:on
    verify(converter).convert(any());
    verify(manager).authenticate(any());
    verify(requestCache).getRedirectUri(any());
}