Examples with OidcIdToken org.springframework.security.oauth2.core.oidc.OidcIdToken used on opensource projects

Example 6 with OidcIdToken

use of org.springframework.security.oauth2.core.oidc.OidcIdToken in project spring-security by spring-projects.

the class OidcAuthorizationCodeAuthenticationProvider method createOidcToken.

private OidcIdToken createOidcToken(ClientRegistration clientRegistration, OAuth2AccessTokenResponse accessTokenResponse) {
    JwtDecoder jwtDecoder = this.jwtDecoderFactory.createDecoder(clientRegistration);
    Jwt jwt = getJwt(accessTokenResponse, jwtDecoder);
    OidcIdToken idToken = new OidcIdToken(jwt.getTokenValue(), jwt.getIssuedAt(), jwt.getExpiresAt(), jwt.getClaims());
    return idToken;
}

Example 7 with OidcIdToken

use of org.springframework.security.oauth2.core.oidc.OidcIdToken in project spring-security by spring-projects.

the class OidcAuthorizationCodeAuthenticationProvider method validateNonce.

private void validateNonce(OAuth2AuthorizationRequest authorizationRequest, OidcIdToken idToken) {
    String requestNonce = authorizationRequest.getAttribute(OidcParameterNames.NONCE);
    if (requestNonce == null) {
        return;
    }
    String nonceHash = getNonceHash(requestNonce);
    String nonceHashClaim = idToken.getNonce();
    if (nonceHashClaim == null || !nonceHashClaim.equals(nonceHash)) {
        OAuth2Error oauth2Error = new OAuth2Error(INVALID_NONCE_ERROR_CODE);
        throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
    }
}

Example 8 with OidcIdToken

use of org.springframework.security.oauth2.core.oidc.OidcIdToken in project spring-security by spring-projects.

the class OidcAuthorizationCodeReactiveAuthenticationManager method createOidcToken.

private Mono<OidcIdToken> createOidcToken(ClientRegistration clientRegistration, OAuth2AccessTokenResponse accessTokenResponse) {
    ReactiveJwtDecoder jwtDecoder = this.jwtDecoderFactory.createDecoder(clientRegistration);
    String rawIdToken = (String) accessTokenResponse.getAdditionalParameters().get(OidcParameterNames.ID_TOKEN);
    // @formatter:off
    return jwtDecoder.decode(rawIdToken).map((jwt) -> new OidcIdToken(jwt.getTokenValue(), jwt.getIssuedAt(), jwt.getExpiresAt(), jwt.getClaims()));
// @formatter:on
}

Example 9 with OidcIdToken

use of org.springframework.security.oauth2.core.oidc.OidcIdToken in project spring-security by spring-projects.

the class OAuth2AuthenticationTokenMixinTests method deserializeWhenMixinRegisteredThenDeserializes.

@Test
public void deserializeWhenMixinRegisteredThenDeserializes() throws Exception {
    // OidcUser
    OAuth2AuthenticationToken expectedAuthentication = TestOAuth2AuthenticationTokens.oidcAuthenticated();
    String json = asJson(expectedAuthentication);
    OAuth2AuthenticationToken authentication = this.mapper.readValue(json, OAuth2AuthenticationToken.class);
    assertThat(authentication.getAuthorities()).containsExactlyElementsOf(expectedAuthentication.getAuthorities());
    assertThat(authentication.getDetails()).isEqualTo(expectedAuthentication.getDetails());
    assertThat(authentication.isAuthenticated()).isEqualTo(expectedAuthentication.isAuthenticated());
    assertThat(authentication.getAuthorizedClientRegistrationId()).isEqualTo(expectedAuthentication.getAuthorizedClientRegistrationId());
    DefaultOidcUser expectedOidcUser = (DefaultOidcUser) expectedAuthentication.getPrincipal();
    DefaultOidcUser oidcUser = (DefaultOidcUser) authentication.getPrincipal();
    assertThat(oidcUser.getAuthorities().containsAll(expectedOidcUser.getAuthorities())).isTrue();
    assertThat(oidcUser.getAttributes()).containsExactlyEntriesOf(expectedOidcUser.getAttributes());
    assertThat(oidcUser.getName()).isEqualTo(expectedOidcUser.getName());
    OidcIdToken expectedIdToken = expectedOidcUser.getIdToken();
    OidcIdToken idToken = oidcUser.getIdToken();
    assertThat(idToken.getTokenValue()).isEqualTo(expectedIdToken.getTokenValue());
    assertThat(idToken.getIssuedAt()).isEqualTo(expectedIdToken.getIssuedAt());
    assertThat(idToken.getExpiresAt()).isEqualTo(expectedIdToken.getExpiresAt());
    assertThat(idToken.getClaims()).containsExactlyEntriesOf(expectedIdToken.getClaims());
    OidcUserInfo expectedUserInfo = expectedOidcUser.getUserInfo();
    OidcUserInfo userInfo = oidcUser.getUserInfo();
    assertThat(userInfo.getClaims()).containsExactlyEntriesOf(expectedUserInfo.getClaims());
    // OAuth2User
    expectedAuthentication = TestOAuth2AuthenticationTokens.authenticated();
    json = asJson(expectedAuthentication);
    authentication = this.mapper.readValue(json, OAuth2AuthenticationToken.class);
    assertThat(authentication.getAuthorities()).containsExactlyElementsOf(expectedAuthentication.getAuthorities());
    assertThat(authentication.getDetails()).isEqualTo(expectedAuthentication.getDetails());
    assertThat(authentication.isAuthenticated()).isEqualTo(expectedAuthentication.isAuthenticated());
    assertThat(authentication.getAuthorizedClientRegistrationId()).isEqualTo(expectedAuthentication.getAuthorizedClientRegistrationId());
    DefaultOAuth2User expectedOauth2User = (DefaultOAuth2User) expectedAuthentication.getPrincipal();
    DefaultOAuth2User oauth2User = (DefaultOAuth2User) authentication.getPrincipal();
    assertThat(oauth2User.getAuthorities().containsAll(expectedOauth2User.getAuthorities())).isTrue();
    assertThat(oauth2User.getAttributes()).containsExactlyEntriesOf(expectedOauth2User.getAttributes());
    assertThat(oauth2User.getName()).isEqualTo(expectedOauth2User.getName());
}