Example 1 with OidcClientRegistration

Use of org.springframework.security.oauth2.core.oidc.OidcClientRegistration in project spring-authorization-server by spring-projects.

Class OidcClientRegistrationHttpMessageConverterTests, method readInternalWhenRequiredParametersThenSuccess.

@Test
public void readInternalWhenRequiredParametersThenSuccess() {
    // Minimal registration request: redirect_uris is the only parameter supplied.
    // @formatter:off
    String clientRegistrationRequest = "{\n" +
            "		\"redirect_uris\": [\n" +
            "			\"https://client.example.com\"\n" +
            "		]\n" +
            "}\n";
    // @formatter:on
    MockClientHttpResponse response = new MockClientHttpResponse(clientRegistrationRequest.getBytes(), HttpStatus.OK);
    OidcClientRegistration clientRegistration = this.messageConverter.readInternal(OidcClientRegistration.class, response);
    // Exactly one claim is present and it parsed to the expected redirect URI.
    assertThat(clientRegistration.getClaims()).hasSize(1);
    assertThat(clientRegistration.getRedirectUris()).containsOnly("https://client.example.com");
}
Also used : OidcClientRegistration(org.springframework.security.oauth2.core.oidc.OidcClientRegistration) MockClientHttpResponse(org.springframework.mock.http.client.MockClientHttpResponse) Test(org.junit.Test)

Example 2 with OidcClientRegistration

Use of org.springframework.security.oauth2.core.oidc.OidcClientRegistration in project spring-authorization-server by spring-projects.

Class OidcClientRegistrationHttpMessageConverterTests, method readInternalWhenValidParametersThenSuccess.

@Test
public void readInternalWhenValidParametersThenSuccess() throws Exception {
    // Full registration request, including a custom claim ("a-claim") that the converter must preserve.
    // @formatter:off
    String clientRegistrationRequest = "{\n" +
            "		\"client_id\": \"client-id\",\n" +
            "		\"client_id_issued_at\": 1607633867,\n" +
            "		\"client_secret\": \"client-secret\",\n" +
            "		\"client_secret_expires_at\": 1607637467,\n" +
            "		\"client_name\": \"client-name\",\n" +
            "		\"redirect_uris\": [\n" +
            "			\"https://client.example.com\"\n" +
            "		],\n" +
            "		\"token_endpoint_auth_method\": \"client_secret_jwt\",\n" +
            "		\"token_endpoint_auth_signing_alg\": \"HS256\",\n" +
            "		\"grant_types\": [\n" +
            "			\"authorization_code\",\n" +
            "			\"client_credentials\"\n" +
            "		],\n" +
            "		\"response_types\":[\n" +
            "			\"code\"\n" +
            "		],\n" +
            "		\"scope\": \"scope1 scope2\",\n" +
            "		\"jwks_uri\": \"https://client.example.com/jwks\",\n" +
            "		\"id_token_signed_response_alg\": \"RS256\",\n" +
            "		\"a-claim\": \"a-value\"\n" +
            "}\n";
    // @formatter:on
    MockClientHttpResponse response = new MockClientHttpResponse(clientRegistrationRequest.getBytes(), HttpStatus.OK);
    OidcClientRegistration clientRegistration = this.messageConverter.readInternal(OidcClientRegistration.class, response);
    // Every standard claim is mapped to its typed accessor (epoch seconds become Instant, jwks_uri becomes URL).
    assertThat(clientRegistration.getClientId()).isEqualTo("client-id");
    assertThat(clientRegistration.getClientIdIssuedAt()).isEqualTo(Instant.ofEpochSecond(1607633867L));
    assertThat(clientRegistration.getClientSecret()).isEqualTo("client-secret");
    assertThat(clientRegistration.getClientSecretExpiresAt()).isEqualTo(Instant.ofEpochSecond(1607637467L));
    assertThat(clientRegistration.getClientName()).isEqualTo("client-name");
    assertThat(clientRegistration.getRedirectUris()).containsOnly("https://client.example.com");
    assertThat(clientRegistration.getTokenEndpointAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_JWT.getValue());
    assertThat(clientRegistration.getTokenEndpointAuthenticationSigningAlgorithm()).isEqualTo(MacAlgorithm.HS256.getName());
    assertThat(clientRegistration.getGrantTypes()).containsExactlyInAnyOrder("authorization_code", "client_credentials");
    assertThat(clientRegistration.getResponseTypes()).containsOnly("code");
    assertThat(clientRegistration.getScopes()).containsExactlyInAnyOrder("scope1", "scope2");
    assertThat(clientRegistration.getJwkSetUrl()).isEqualTo(new URL("https://client.example.com/jwks"));
    assertThat(clientRegistration.getIdTokenSignedResponseAlgorithm()).isEqualTo("RS256");
    // Unknown claims are retained and readable by name.
    assertThat(clientRegistration.getClaimAsString("a-claim")).isEqualTo("a-value");
}
Also used : OidcClientRegistration(org.springframework.security.oauth2.core.oidc.OidcClientRegistration) URL(java.net.URL) MockClientHttpResponse(org.springframework.mock.http.client.MockClientHttpResponse) Test(org.junit.Test)

Example 3 with OidcClientRegistration

Use of org.springframework.security.oauth2.core.oidc.OidcClientRegistration in project spring-authorization-server by spring-projects.

Class OidcClientRegistrationAuthenticationProviderTests, method authenticateWhenRegistrationAccessTokenNotGeneratedThenThrowOAuth2AuthenticationException.

@Test
public void authenticateWhenRegistrationAccessTokenNotGeneratedThenThrowOAuth2AuthenticationException() {
    // A valid initial access token with the client.create scope, backed by a stored authorization.
    Jwt jwt = createJwtClientRegistration();
    OAuth2AccessToken jwtAccessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
            jwt.getTokenValue(), jwt.getIssuedAt(), jwt.getExpiresAt(), jwt.getClaim(OAuth2ParameterNames.SCOPE));
    RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
    OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient, jwtAccessToken, jwt.getClaims()).build();
    when(this.authorizationService.findByToken(eq(jwtAccessToken.getTokenValue()), eq(OAuth2TokenType.ACCESS_TOKEN))).thenReturn(authorization);
    // Simulate a token generator that fails to produce the registration access token.
    doReturn(null).when(this.tokenGenerator).generate(any());
    JwtAuthenticationToken principal = new JwtAuthenticationToken(jwt, AuthorityUtils.createAuthorityList("SCOPE_client.create"));
    // @formatter:off
    OidcClientRegistration clientRegistration = OidcClientRegistration.builder()
            .clientName("client-name")
            .redirectUri("https://client.example.com")
            .grantType(AuthorizationGrantType.AUTHORIZATION_CODE.getValue())
            .grantType(AuthorizationGrantType.CLIENT_CREDENTIALS.getValue())
            .scope("scope1")
            .scope("scope2")
            .build();
    // @formatter:on
    OidcClientRegistrationAuthenticationToken authentication = new OidcClientRegistrationAuthenticationToken(principal, clientRegistration);
    // The provider fails with server_error instead of completing a registration without a registration access token.
    assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication))
            .isInstanceOf(OAuth2AuthenticationException.class)
            .extracting(ex -> ((OAuth2AuthenticationException) ex).getError())
            .satisfies(error -> {
                assertThat(error.getErrorCode()).isEqualTo(OAuth2ErrorCodes.SERVER_ERROR);
                assertThat(error.getDescription()).contains("The token generator failed to generate the registration access token.");
            });
}
Also used : UriComponentsBuilder(org.springframework.web.util.UriComponentsBuilder) Arrays(java.util.Arrays) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) TestJoseHeaders(org.springframework.security.oauth2.jwt.TestJoseHeaders) OAuth2TokenGenerator(org.springframework.security.oauth2.server.authorization.OAuth2TokenGenerator) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) RegisteredClientRepository(org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) MacAlgorithm(org.springframework.security.oauth2.jose.jws.MacAlgorithm) TestOAuth2Authorizations(org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations) After(org.junit.After) Jwt(org.springframework.security.oauth2.jwt.Jwt) Mockito.doReturn(org.mockito.Mockito.doReturn) ProviderSettings(org.springframework.security.oauth2.server.authorization.config.ProviderSettings) OAuth2AuthenticationException(org.springframework.security.oauth2.core.OAuth2AuthenticationException) Set(java.util.Set) JwtGenerator(org.springframework.security.oauth2.server.authorization.JwtGenerator) ProviderContextHolder(org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder) List(java.util.List) OAuth2TokenContext(org.springframework.security.oauth2.server.authorization.OAuth2TokenContext) ProviderContext(org.springframework.security.oauth2.server.authorization.context.ProviderContext) Authentication(org.springframework.security.core.Authentication) Mockito.mock(org.mockito.Mockito.mock) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) OAuth2ParameterNames(org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames) OidcClientMetadataClaimNames(org.springframework.security.oauth2.core.oidc.OidcClientMetadataClaimNames) 
OAuth2AuthorizationResponseType(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType) JwtEncoder(org.springframework.security.oauth2.jwt.JwtEncoder) Mockito.spy(org.mockito.Mockito.spy) ArrayList(java.util.ArrayList) HashSet(java.util.HashSet) JwtClaimsSet(org.springframework.security.oauth2.jwt.JwtClaimsSet) ArgumentCaptor(org.mockito.ArgumentCaptor) Assertions.assertThatThrownBy(org.assertj.core.api.Assertions.assertThatThrownBy) ClientAuthenticationMethod(org.springframework.security.oauth2.core.ClientAuthenticationMethod) OAuth2AccessToken(org.springframework.security.oauth2.core.OAuth2AccessToken) ClientSettings(org.springframework.security.oauth2.server.authorization.config.ClientSettings) Before(org.junit.Before) OAuth2Authorization(org.springframework.security.oauth2.server.authorization.OAuth2Authorization) JwtAuthenticationToken(org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken) RegisteredClient(org.springframework.security.oauth2.server.authorization.client.RegisteredClient) Test(org.junit.Test) Mockito.times(org.mockito.Mockito.times) Mockito.when(org.mockito.Mockito.when) OAuth2ErrorCodes(org.springframework.security.oauth2.core.OAuth2ErrorCodes) TestRegisteredClients(org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients) OAuth2AuthorizationService(org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService) Mockito.verify(org.mockito.Mockito.verify) JoseHeader(org.springframework.security.oauth2.jwt.JoseHeader) Mockito.never(org.mockito.Mockito.never) SignatureAlgorithm(org.springframework.security.oauth2.jose.jws.SignatureAlgorithm) OAuth2TokenType(org.springframework.security.oauth2.core.OAuth2TokenType) OidcClientRegistration(org.springframework.security.oauth2.core.oidc.OidcClientRegistration) Assertions.assertThatIllegalArgumentException(org.assertj.core.api.Assertions.assertThatIllegalArgumentException) 
TestJwtClaimsSets(org.springframework.security.oauth2.jwt.TestJwtClaimsSets) Collections(java.util.Collections) AuthorityUtils(org.springframework.security.core.authority.AuthorityUtils) AuthorizationGrantType(org.springframework.security.oauth2.core.AuthorizationGrantType) JwtAuthenticationToken(org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken) Jwt(org.springframework.security.oauth2.jwt.Jwt) OAuth2AccessToken(org.springframework.security.oauth2.core.OAuth2AccessToken) OAuth2Authorization(org.springframework.security.oauth2.server.authorization.OAuth2Authorization) OidcClientRegistration(org.springframework.security.oauth2.core.oidc.OidcClientRegistration) OAuth2AuthenticationException(org.springframework.security.oauth2.core.OAuth2AuthenticationException) RegisteredClient(org.springframework.security.oauth2.server.authorization.client.RegisteredClient) Test(org.junit.Test)

Example 4 with OidcClientRegistration

Use of org.springframework.security.oauth2.core.oidc.OidcClientRegistration in project spring-authorization-server by spring-projects.

Class OidcClientRegistrationAuthenticationProviderTests, method authenticateWhenClientRegistrationRequestAndAccessTokenContainsRequiredScopeAndAdditionalScopeThenThrowOAuth2AuthenticationException.

@Test
public void authenticateWhenClientRegistrationRequestAndAccessTokenContainsRequiredScopeAndAdditionalScopeThenThrowOAuth2AuthenticationException() {
    // The initial access token carries the required client.create scope plus an additional scope (scope1).
    Jwt jwt = createJwt(new HashSet<>(Arrays.asList("client.create", "scope1")));
    OAuth2AccessToken jwtAccessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
            jwt.getTokenValue(), jwt.getIssuedAt(), jwt.getExpiresAt(), jwt.getClaim(OAuth2ParameterNames.SCOPE));
    RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
    OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient, jwtAccessToken, jwt.getClaims()).build();
    when(this.authorizationService.findByToken(eq(jwtAccessToken.getTokenValue()), eq(OAuth2TokenType.ACCESS_TOKEN))).thenReturn(authorization);
    JwtAuthenticationToken principal = new JwtAuthenticationToken(jwt, AuthorityUtils.createAuthorityList("SCOPE_client.create", "SCOPE_scope1"));
    OidcClientRegistration clientRegistration = OidcClientRegistration.builder()
            .redirectUri("https://client.example.com")
            .build();
    OidcClientRegistrationAuthenticationToken authentication = new OidcClientRegistrationAuthenticationToken(principal, clientRegistration);
    // A registration token that is scoped more broadly than client.create is rejected as invalid_token.
    assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication))
            .isInstanceOf(OAuth2AuthenticationException.class)
            .extracting(ex -> ((OAuth2AuthenticationException) ex).getError())
            .extracting("errorCode")
            .isEqualTo(OAuth2ErrorCodes.INVALID_TOKEN);
    // The token was looked up before being rejected.
    verify(this.authorizationService).findByToken(eq(jwtAccessToken.getTokenValue()), eq(OAuth2TokenType.ACCESS_TOKEN));
}
Also used : JwtAuthenticationToken(org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken) Jwt(org.springframework.security.oauth2.jwt.Jwt) OAuth2AccessToken(org.springframework.security.oauth2.core.OAuth2AccessToken) OAuth2Authorization(org.springframework.security.oauth2.server.authorization.OAuth2Authorization) OidcClientRegistration(org.springframework.security.oauth2.core.oidc.OidcClientRegistration) OAuth2AuthenticationException(org.springframework.security.oauth2.core.OAuth2AuthenticationException) RegisteredClient(org.springframework.security.oauth2.server.authorization.client.RegisteredClient) Test(org.junit.Test)

Example 5 with OidcClientRegistration

Use of org.springframework.security.oauth2.core.oidc.OidcClientRegistration in project spring-authorization-server by spring-projects.

Class OidcClientRegistrationAuthenticationProviderTests, method authenticateWhenAccessTokenNotActiveThenThrowOAuth2AuthenticationException.

@Test
public void authenticateWhenAccessTokenNotActiveThenThrowOAuth2AuthenticationException() {
    Jwt jwt = createJwtClientRegistration();
    OAuth2AccessToken jwtAccessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
            jwt.getTokenValue(), jwt.getIssuedAt(), jwt.getExpiresAt(), jwt.getClaim(OAuth2ParameterNames.SCOPE));
    RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
    OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient, jwtAccessToken, jwt.getClaims()).build();
    // Mark the access token as invalidated in the stored authorization, so it is no longer active.
    authorization = OidcAuthenticationProviderUtils.invalidate(authorization, jwtAccessToken);
    when(this.authorizationService.findByToken(eq(jwtAccessToken.getTokenValue()), eq(OAuth2TokenType.ACCESS_TOKEN))).thenReturn(authorization);
    JwtAuthenticationToken principal = new JwtAuthenticationToken(jwt, AuthorityUtils.createAuthorityList("SCOPE_client.create"));
    OidcClientRegistration clientRegistration = OidcClientRegistration.builder()
            .redirectUri("https://client.example.com")
            .build();
    OidcClientRegistrationAuthenticationToken authentication = new OidcClientRegistrationAuthenticationToken(principal, clientRegistration);
    // An inactive (invalidated) initial access token is rejected as invalid_token.
    assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication))
            .isInstanceOf(OAuth2AuthenticationException.class)
            .extracting(ex -> ((OAuth2AuthenticationException) ex).getError())
            .extracting("errorCode")
            .isEqualTo(OAuth2ErrorCodes.INVALID_TOKEN);
    verify(this.authorizationService).findByToken(eq(jwtAccessToken.getTokenValue()), eq(OAuth2TokenType.ACCESS_TOKEN));
}
Also used : JwtAuthenticationToken(org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken) Jwt(org.springframework.security.oauth2.jwt.Jwt) OAuth2AccessToken(org.springframework.security.oauth2.core.OAuth2AccessToken) OAuth2Authorization(org.springframework.security.oauth2.server.authorization.OAuth2Authorization) OidcClientRegistration(org.springframework.security.oauth2.core.oidc.OidcClientRegistration) OAuth2AuthenticationException(org.springframework.security.oauth2.core.OAuth2AuthenticationException) RegisteredClient(org.springframework.security.oauth2.server.authorization.client.RegisteredClient) Test(org.junit.Test)

Aggregations (type and number of occurrences):

OidcClientRegistration (org.springframework.security.oauth2.core.oidc.OidcClientRegistration): 26
Test (org.junit.Test): 21
OAuth2AuthenticationException (org.springframework.security.oauth2.core.OAuth2AuthenticationException): 14
Jwt (org.springframework.security.oauth2.jwt.Jwt): 13
JwtAuthenticationToken (org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken): 13
OAuth2AccessToken (org.springframework.security.oauth2.core.OAuth2AccessToken): 12
RegisteredClient (org.springframework.security.oauth2.server.authorization.client.RegisteredClient): 12
OAuth2Authorization (org.springframework.security.oauth2.server.authorization.OAuth2Authorization): 11
ProviderContext (org.springframework.security.oauth2.server.authorization.context.ProviderContext): 6
ArrayList (java.util.ArrayList): 5
Authentication (org.springframework.security.core.Authentication): 5
AuthorizationGrantType (org.springframework.security.oauth2.core.AuthorizationGrantType): 5
ClientAuthenticationMethod (org.springframework.security.oauth2.core.ClientAuthenticationMethod): 5
OAuth2AuthorizationResponseType (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType): 5
MacAlgorithm (org.springframework.security.oauth2.jose.jws.MacAlgorithm): 5
SignatureAlgorithm (org.springframework.security.oauth2.jose.jws.SignatureAlgorithm): 5
Collections (java.util.Collections): 4
HashSet (java.util.HashSet): 4
List (java.util.List): 4
Set (java.util.Set): 4