Example 21 with OAuth2AuthorizationResponse
use of org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse in project spring-security by spring-projects.
the class OAuth2AuthorizationCodeGrantRequestEntityConverterTests method convertWhenGrantRequestValidThenConverts.
@SuppressWarnings("unchecked")
@Test
public void convertWhenGrantRequestValidThenConverts() {
ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
OAuth2AuthorizationExchange authorizationExchange = TestOAuth2AuthorizationExchanges.success();
OAuth2AuthorizationRequest authorizationRequest = authorizationExchange.getAuthorizationRequest();
OAuth2AuthorizationResponse authorizationResponse = authorizationExchange.getAuthorizationResponse();
OAuth2AuthorizationCodeGrantRequest authorizationCodeGrantRequest = new OAuth2AuthorizationCodeGrantRequest(clientRegistration, authorizationExchange);
RequestEntity<?> requestEntity = this.converter.convert(authorizationCodeGrantRequest);
assertThat(requestEntity.getMethod()).isEqualTo(HttpMethod.POST);
assertThat(requestEntity.getUrl().toASCIIString()).isEqualTo(clientRegistration.getProviderDetails().getTokenUri());
HttpHeaders headers = requestEntity.getHeaders();
assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON_UTF8);
assertThat(headers.getContentType()).isEqualTo(MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"));
assertThat(headers.getFirst(HttpHeaders.AUTHORIZATION)).startsWith("Basic ");
MultiValueMap<String, String> formParameters = (MultiValueMap<String, String>) requestEntity.getBody();
assertThat(formParameters.getFirst(OAuth2ParameterNames.GRANT_TYPE)).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE.getValue());
assertThat(formParameters.getFirst(OAuth2ParameterNames.CODE)).isEqualTo(authorizationResponse.getCode());
assertThat(formParameters.getFirst(OAuth2ParameterNames.CLIENT_ID)).isNull();
assertThat(formParameters.getFirst(OAuth2ParameterNames.REDIRECT_URI)).isEqualTo(authorizationRequest.getRedirectUri());
}
Also used :
HttpHeaders(org.springframework.http.HttpHeaders)
ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration)
OAuth2AuthorizationExchange(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange)
OAuth2AuthorizationResponse(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse)
OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest)
MultiValueMap(org.springframework.util.MultiValueMap)
Test(org.junit.jupiter.api.Test)
Example 22 with OAuth2AuthorizationResponse
use of org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse in project spring-security by spring-projects.
the class OAuth2AuthorizationCodeAuthenticationProviderTests method authenticateWhenAuthorizationResponseStateNotEqualAuthorizationRequestStateThenThrowOAuth2AuthorizationException.
@Test
public void authenticateWhenAuthorizationResponseStateNotEqualAuthorizationRequestStateThenThrowOAuth2AuthorizationException() {
OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.success().state("67890").build();
OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest, authorizationResponse);
assertThatExceptionOfType(OAuth2AuthorizationException.class).isThrownBy(() -> this.authenticationProvider.authenticate(new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange))).withMessageContaining("invalid_state_parameter");
}
Also used :
OAuth2AuthorizationExchange(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange)
OAuth2AuthorizationResponse(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse)
Test(org.junit.jupiter.api.Test)
Example 23 with OAuth2AuthorizationResponse
use of org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse in project spring-security by spring-projects.
the class OAuth2AuthorizationCodeAuthenticationProviderTests method authenticateWhenAuthorizationErrorResponseThenThrowOAuth2AuthorizationException.
@Test
public void authenticateWhenAuthorizationErrorResponseThenThrowOAuth2AuthorizationException() {
OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.error().errorCode(OAuth2ErrorCodes.INVALID_REQUEST).build();
OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest, authorizationResponse);
assertThatExceptionOfType(OAuth2AuthorizationException.class).isThrownBy(() -> this.authenticationProvider.authenticate(new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange))).withMessageContaining(OAuth2ErrorCodes.INVALID_REQUEST);
}
Also used :
OAuth2AuthorizationExchange(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange)
OAuth2AuthorizationResponse(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse)
Test(org.junit.jupiter.api.Test)
Example 24 with OAuth2AuthorizationResponse
use of org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse in project spring-security by spring-projects.
the class OAuth2LoginAuthenticationProviderTests method authenticateWhenAuthorizationResponseStateNotEqualAuthorizationRequestStateThenThrowOAuth2AuthenticationException.
@Test
public void authenticateWhenAuthorizationResponseStateNotEqualAuthorizationRequestStateThenThrowOAuth2AuthenticationException() {
OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.success().state("67890").build();
OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest, authorizationResponse);
assertThatExceptionOfType(OAuth2AuthenticationException.class).isThrownBy(() -> this.authenticationProvider.authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange))).withMessageContaining("invalid_state_parameter");
}
Also used :
OAuth2AuthorizationExchange(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange)
OAuth2AuthorizationResponse(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse)
Test(org.junit.jupiter.api.Test)
Example 25 with OAuth2AuthorizationResponse
use of org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse in project spring-security by spring-projects.
the class ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests method applyWhenCodeParameterFoundThenCode.
@Test
public void applyWhenCodeParameterFoundThenCode() {
this.request.queryParam(OAuth2ParameterNames.CODE, "code");
given(this.authorizationRequestRepository.removeAuthorizationRequest(any())).willReturn(Mono.just(this.authorizationRequest.build()));
given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.just(this.clientRegistration));
OAuth2AuthorizationCodeAuthenticationToken result = applyConverter();
OAuth2AuthorizationResponse exchange = result.getAuthorizationExchange().getAuthorizationResponse();
assertThat(exchange.getError()).isNull();
assertThat(exchange.getCode()).isEqualTo("code");
}
Also used :
OAuth2AuthorizationCodeAuthenticationToken(org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken)
OAuth2AuthorizationResponse(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse)
Test(org.junit.jupiter.api.Test)
Aggregations
OAuth2AuthorizationResponse (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse)32
OAuth2AuthorizationExchange (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange)24
OAuth2AuthorizationRequest (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest)23
Test (org.junit.jupiter.api.Test)17
ClientRegistration (org.springframework.security.oauth2.client.registration.ClientRegistration)14
OAuth2AuthorizationCodeAuthenticationToken (org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken)10
OAuth2LoginAuthenticationToken (org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken)10
OAuth2Error (org.springframework.security.oauth2.core.OAuth2Error)9
OAuth2AccessToken (org.springframework.security.oauth2.core.OAuth2AccessToken)7
OAuth2AuthorizationCodeGrantRequest (org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest)6
HashMap (java.util.HashMap)5
Authentication (org.springframework.security.core.Authentication)5
OAuth2AuthenticationException (org.springframework.security.oauth2.core.OAuth2AuthenticationException)5
OAuth2AccessTokenResponse (org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse)5
ServerAuthenticationConverter (org.springframework.security.web.server.authentication.ServerAuthenticationConverter)5
WebTestClient (org.springframework.test.web.reactive.server.WebTestClient)5
OAuth2AuthorizedClient (org.springframework.security.oauth2.client.OAuth2AuthorizedClient)4
OAuth2AuthorizationException (org.springframework.security.oauth2.core.OAuth2AuthorizationException)4
ReactiveAuthenticationManager (org.springframework.security.authentication.ReactiveAuthenticationManager)3
OidcUserRequest (org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest)3
