
Example 1 with OidcUserAuthority

Use of org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority in project spring-security by spring-projects.

From class OidcReactiveOAuth2UserService, method loadUser.

@Override
public Mono<OidcUser> loadUser(OidcUserRequest userRequest) throws OAuth2AuthenticationException {
    Assert.notNull(userRequest, "userRequest cannot be null");
    // @formatter:off
    return getUserInfo(userRequest)
            // Wrap the ID Token together with the UserInfo response in a single OidcUserAuthority
            .map((userInfo) -> new OidcUserAuthority(userRequest.getIdToken(), userInfo))
            // No UserInfo endpoint response: the authority carries only the ID Token
            .defaultIfEmpty(new OidcUserAuthority(userRequest.getIdToken(), null))
            .map((authority) -> {
                OidcUserInfo userInfo = authority.getUserInfo();
                Set<GrantedAuthority> authorities = new HashSet<>();
                authorities.add(authority);
                // Each scope granted on the access token becomes a SCOPE_<scope> authority
                OAuth2AccessToken token = userRequest.getAccessToken();
                for (String scope : token.getScopes()) {
                    authorities.add(new SimpleGrantedAuthority("SCOPE_" + scope));
                }
                // Prefer the provider-configured user-name attribute when one is set
                String userNameAttributeName = userRequest.getClientRegistration()
                        .getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName();
                if (StringUtils.hasText(userNameAttributeName)) {
                    return new DefaultOidcUser(authorities, userRequest.getIdToken(), userInfo, userNameAttributeName);
                }
                return new DefaultOidcUser(authorities, userRequest.getIdToken(), userInfo);
            });
    // @formatter:on
}
Also used: SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority), OidcUserAuthority (org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority), OAuth2AccessToken (org.springframework.security.oauth2.core.OAuth2AccessToken), GrantedAuthority (org.springframework.security.core.GrantedAuthority), OidcUserInfo (org.springframework.security.oauth2.core.oidc.OidcUserInfo), DefaultOidcUser (org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser), HashSet (java.util.HashSet)

Example 2 with OidcUserAuthority

Use of org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority in project spring-security by spring-projects.

From class OidcUserServiceTests, method loadUserWhenUserInfoSuccessResponseThenReturnUser.

@Test
public void loadUserWhenUserInfoSuccessResponseThenReturnUser() {
    // @formatter:off
    String userInfoResponse = "{\n"
            + "   \"sub\": \"subject1\",\n"
            + "   \"name\": \"first last\",\n"
            + "   \"given_name\": \"first\",\n"
            + "   \"family_name\": \"last\",\n"
            + "   \"preferred_username\": \"user1\",\n"
            + "   \"email\": \"user1@example.com\"\n"
            + "}\n";
    // @formatter:on
    // Stub the UserInfo endpoint with the JSON body above
    this.server.enqueue(jsonResponse(userInfoResponse));
    String userInfoUri = this.server.url("/user").toString();
    ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build();
    OidcUser user = this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken));
    assertThat(user.getIdToken()).isNotNull();
    assertThat(user.getUserInfo()).isNotNull();
    assertThat(user.getUserInfo().getClaims().size()).isEqualTo(6);
    assertThat(user.getIdToken()).isEqualTo(this.idToken);
    assertThat(user.getName()).isEqualTo("subject1");
    assertThat(user.getUserInfo().getSubject()).isEqualTo("subject1");
    assertThat(user.getUserInfo().getFullName()).isEqualTo("first last");
    assertThat(user.getUserInfo().getGivenName()).isEqualTo("first");
    assertThat(user.getUserInfo().getFamilyName()).isEqualTo("last");
    assertThat(user.getUserInfo().getPreferredUsername()).isEqualTo("user1");
    assertThat(user.getUserInfo().getEmail()).isEqualTo("user1@example.com");
    assertThat(user.getAuthorities().size()).isEqualTo(3);
    assertThat(user.getAuthorities().iterator().next()).isInstanceOf(OidcUserAuthority.class);
    OidcUserAuthority userAuthority = (OidcUserAuthority) user.getAuthorities().iterator().next();
    assertThat(userAuthority.getAuthority()).isEqualTo("ROLE_USER");
    assertThat(userAuthority.getIdToken()).isEqualTo(user.getIdToken());
    assertThat(userAuthority.getUserInfo()).isEqualTo(user.getUserInfo());
}
Also used: OidcUserAuthority (org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority), ClientRegistration (org.springframework.security.oauth2.client.registration.ClientRegistration), OidcUser (org.springframework.security.oauth2.core.oidc.user.OidcUser), Test (org.junit.jupiter.api.Test)

Example 3 with OidcUserAuthority

Use of org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority in project spring-security by spring-projects.

From class OAuth2AuthenticationTokenMixinTests, method asJson.

private static String asJson(Collection<? extends GrantedAuthority> authorities, String classTypeInfo) {
    OAuth2UserAuthority oauth2UserAuthority = null;
    OidcUserAuthority oidcUserAuthority = null;
    List<SimpleGrantedAuthority> simpleAuthorities = new ArrayList<>();
    // Sort the authorities by type; OidcUserAuthority is checked first because it
    // extends OAuth2UserAuthority and would otherwise match the second branch
    for (GrantedAuthority authority : authorities) {
        if (authority instanceof OidcUserAuthority) {
            oidcUserAuthority = (OidcUserAuthority) authority;
        } else if (authority instanceof OAuth2UserAuthority) {
            oauth2UserAuthority = (OAuth2UserAuthority) authority;
        } else if (authority instanceof SimpleGrantedAuthority) {
            simpleAuthorities.add((SimpleGrantedAuthority) authority);
        }
    }
    // Serialize the (at most one) user authority first, then any simple authorities
    String authoritiesJson = (oidcUserAuthority != null) ? asJson(oidcUserAuthority)
            : (oauth2UserAuthority != null) ? asJson(oauth2UserAuthority) : "";
    if (!simpleAuthorities.isEmpty()) {
        if (!StringUtils.isEmpty(authoritiesJson)) {
            authoritiesJson += ",";
        }
        authoritiesJson += asJson(simpleAuthorities);
    }
    // @formatter:off
    return "[\n"
            + "      \"" + classTypeInfo + "\",\n"
            + "      [" + authoritiesJson + "]\n"
            + "    ]";
    // @formatter:on
}
Also used: SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority), OidcUserAuthority (org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority), GrantedAuthority (org.springframework.security.core.GrantedAuthority), ArrayList (java.util.ArrayList), OAuth2UserAuthority (org.springframework.security.oauth2.core.user.OAuth2UserAuthority)

Example 4 with OidcUserAuthority

Use of org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority in project spring-security by spring-projects.

From class OidcUserService, method loadUser.

@Override
public OidcUser loadUser(OidcUserRequest userRequest) throws OAuth2AuthenticationException {
    Assert.notNull(userRequest, "userRequest cannot be null");
    OidcUserInfo userInfo = null;
    if (this.shouldRetrieveUserInfo(userRequest)) {
        OAuth2User oauth2User = this.oauth2UserService.loadUser(userRequest);
        Map<String, Object> claims = getClaims(userRequest, oauth2User);
        userInfo = new OidcUserInfo(claims);
        // 1) The sub (subject) Claim MUST always be returned in the UserInfo Response
        if (userInfo.getSubject() == null) {
            OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE);
            throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
        }
        // 2) The sub Claim in the UserInfo Response MUST be verified to exactly match
        //    the sub Claim in the ID Token (guards against token substitution);
        //    if they do not match, the UserInfo Response values MUST NOT be used.
        if (!userInfo.getSubject().equals(userRequest.getIdToken().getSubject())) {
            OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE);
            throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
        }
    }
    Set<GrantedAuthority> authorities = new LinkedHashSet<>();
    authorities.add(new OidcUserAuthority(userRequest.getIdToken(), userInfo));
    // Each scope granted on the access token becomes a SCOPE_<scope> authority
    OAuth2AccessToken token = userRequest.getAccessToken();
    for (String authority : token.getScopes()) {
        authorities.add(new SimpleGrantedAuthority("SCOPE_" + authority));
    }
    return getUser(userRequest, userInfo, authorities);
}
Also used: LinkedHashSet (java.util.LinkedHashSet), OAuth2User (org.springframework.security.oauth2.core.user.OAuth2User), OidcUserAuthority (org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority), SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority), GrantedAuthority (org.springframework.security.core.GrantedAuthority), OAuth2Error (org.springframework.security.oauth2.core.OAuth2Error), OidcUserInfo (org.springframework.security.oauth2.core.oidc.OidcUserInfo), OAuth2AccessToken (org.springframework.security.oauth2.core.OAuth2AccessToken), OAuth2AuthenticationException (org.springframework.security.oauth2.core.OAuth2AuthenticationException)
