use of org.springframework.security.oauth2.core.oidc.user.OidcUser in project spring-security by spring-projects.
the class OidcUserService method getUser.
/**
 * Builds the {@link OidcUser} principal for a completed OIDC login.
 * <p>
 * The user-name attribute comes from the client registration's user-info endpoint
 * configuration. When one is configured the {@link DefaultOidcUser} resolves its name from
 * that claim; otherwise the constructor without a name attribute is used.
 * @param userRequest the OIDC user request carrying the client registration and ID token
 * @param userInfo the user-info claims for the user
 * @param authorities the authorities granted to the user
 * @return the OIDC user principal
 */
private OidcUser getUser(OidcUserRequest userRequest, OidcUserInfo userInfo, Set<GrantedAuthority> authorities) {
	String nameAttribute = userRequest.getClientRegistration()
			.getProviderDetails()
			.getUserInfoEndpoint()
			.getUserNameAttributeName();
	// A blank/whitespace-only attribute name is treated as "not configured"
	boolean hasNameAttribute = StringUtils.hasText(nameAttribute);
	return hasNameAttribute
			? new DefaultOidcUser(authorities, userRequest.getIdToken(), userInfo, nameAttribute)
			: new DefaultOidcUser(authorities, userRequest.getIdToken(), userInfo);
}
use of org.springframework.security.oauth2.core.oidc.user.OidcUser in project spring-security by spring-projects.
the class OidcClientInitiatedLogoutSuccessHandler method determineTargetUrl.
/**
 * Resolves the post-logout target URL.
 * <p>
 * For an OIDC-authenticated user whose provider exposes an end-session endpoint, the
 * target is the provider's RP-initiated logout URI built from that endpoint, the user's ID
 * token and the post-logout redirect URI; in every other case (non-OIDC principal, no
 * end-session endpoint, or no URI produced) the superclass default applies.
 * @param request the current request
 * @param response the current response
 * @param authentication the authentication being logged out
 * @return the URL to redirect to after logout
 */
@Override
protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
	boolean oidcLogin = authentication instanceof OAuth2AuthenticationToken
			&& authentication.getPrincipal() instanceof OidcUser;
	if (!oidcLogin) {
		return super.determineTargetUrl(request, response);
	}
	String registrationId = ((OAuth2AuthenticationToken) authentication).getAuthorizedClientRegistrationId();
	ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId(registrationId);
	// endSessionEndpoint(...) is resolved from the provider's registration metadata
	// and may be null when the provider advertises no end-session support.
	URI endSessionEndpoint = this.endSessionEndpoint(clientRegistration);
	if (endSessionEndpoint == null) {
		return super.determineTargetUrl(request, response);
	}
	// NOTE(review): postLogoutRedirectUri(request) is defined outside this view -- confirm it
	// derives the redirect from configured values rather than echoing a request parameter.
	String idToken = idToken(authentication);
	String postLogoutRedirectUri = postLogoutRedirectUri(request);
	String targetUrl = endpointUri(endSessionEndpoint, idToken, postLogoutRedirectUri);
	return (targetUrl != null) ? targetUrl : super.determineTargetUrl(request, response);
}
use of org.springframework.security.oauth2.core.oidc.user.OidcUser in project spring-security by spring-projects.
the class SecurityMockMvcRequestPostProcessorsOidcLoginTests method oidcLoginWhenOidcUserSpecifiedThenLastCalledTakesPrecedence.
// gh-7794
@Test
public void oidcLoginWhenOidcUserSpecifiedThenLastCalledTakesPrecedence() throws Exception {
	// Both oidcUser(...) and idToken(...) shape the mock principal; whichever is
	// applied last is the one that takes effect.
	OidcUser oidcUser = new DefaultOidcUser(AuthorityUtils.createAuthorityList("SCOPE_read"),
			TestOidcIdTokens.idToken().build());
	// Explicit user applied last: the "foo" subject customization is discarded and the
	// controller reports the explicit user's subject instead.
	this.mvc.perform(get("/id-token/sub")
				.with(oidcLogin()
						.idToken((i) -> i.subject("foo"))
						.oidcUser(oidcUser)))
			.andExpect(status().isOk())
			.andExpect(content().string("subject"));
	// ID token customization applied last: it overrides the explicit user's subject.
	this.mvc.perform(get("/id-token/sub")
				.with(oidcLogin()
						.oidcUser(oidcUser)
						.idToken((i) -> i.subject("bar"))))
			.andExpect(content().string("bar"));
}
use of org.springframework.security.oauth2.core.oidc.user.OidcUser in project spring-security by spring-projects.
the class SecurityMockServerConfigurersOidcLoginTests method oidcUserWhenNameSpecifiedThenUserHasName.
@Test
public void oidcUserWhenNameSpecifiedThenUserHasName() throws Exception {
	// The user's name attribute is pointed at a non-standard claim; both the
	// authenticated principal and the authorized client must report that claim's value.
	OidcIdToken idToken = OidcIdToken.withTokenValue("id-token")
			.claim("custom-attribute", "test-subject")
			.build();
	OidcUser oidcUser = new DefaultOidcUser(AuthorityUtils.commaSeparatedStringToAuthorityList("SCOPE_read"),
			idToken, "custom-attribute");
	// Principal name as seen by the /token endpoint
	this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login().oauth2User(oidcUser))
			.get()
			.uri("/token")
			.exchange()
			.expectStatus()
			.isOk();
	assertThat(this.controller.token.getPrincipal().getName()).isEqualTo("test-subject");
	// Principal name as recorded on the authorized client by the /client endpoint
	this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login().oauth2User(oidcUser))
			.get()
			.uri("/client")
			.exchange()
			.expectStatus()
			.isOk();
	assertThat(this.controller.authorizedClient.getPrincipalName()).isEqualTo("test-subject");
}
use of org.springframework.security.oauth2.core.oidc.user.OidcUser in project spring-security by spring-projects.
the class OidcAuthorizationCodeAuthenticationProviderTests method authenticateWhenLoginSuccessThenReturnAuthentication.
@Test
public void authenticateWhenLoginSuccessThenReturnAuthentication() {
	// Stub the user service to hand back a principal carrying a single ROLE_USER authority.
	List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
	OidcUser principal = mock(OidcUser.class);
	given(principal.getAuthorities()).willAnswer((Answer<List<GrantedAuthority>>) (invocation) -> authorities);
	given(this.userService.loadUser(any())).willReturn(principal);
	// A minimal ID token: issuer, subject, two audiences with an authorized party, and the
	// nonce claim (this.nonceHash -- presumably the hashed nonce from the authorization
	// request set up elsewhere in this test class; confirm in setUp).
	Map<String, Object> claims = new HashMap<>();
	claims.put(IdTokenClaimNames.ISS, "https://provider.com");
	claims.put(IdTokenClaimNames.SUB, "subject1");
	claims.put(IdTokenClaimNames.AUD, Arrays.asList("client1", "client2"));
	claims.put(IdTokenClaimNames.AZP, "client1");
	claims.put(IdTokenClaimNames.NONCE, this.nonceHash);
	this.setUpIdToken(claims);
	OAuth2LoginAuthenticationToken loginRequest = new OAuth2LoginAuthenticationToken(this.clientRegistration,
			this.authorizationExchange);
	OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) this.authenticationProvider
			.authenticate(loginRequest);
	// The result is authenticated, carries the mocked principal and its authorities, and
	// echoes the registration, exchange and token response it was built from.
	assertThat(authentication.isAuthenticated()).isTrue();
	assertThat(authentication.getPrincipal()).isEqualTo(principal);
	assertThat(authentication.getAuthorities()).isEqualTo(authorities);
	assertThat(authentication.getCredentials()).isEqualTo("");
	assertThat(authentication.getClientRegistration()).isEqualTo(this.clientRegistration);
	assertThat(authentication.getAuthorizationExchange()).isEqualTo(this.authorizationExchange);
	assertThat(authentication.getAccessToken()).isEqualTo(this.accessTokenResponse.getAccessToken());
	assertThat(authentication.getRefreshToken()).isEqualTo(this.accessTokenResponse.getRefreshToken());
}