Examples with OAuth2User org.springframework.security.oauth2.core.user.OAuth2User used on opensource projects

Example 1 with OAuth2User

use of org.springframework.security.oauth2.core.user.OAuth2User in project spring-security by spring-projects.

the class OAuth2LoginAuthenticationProvider method authenticate.

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    OAuth2LoginAuthenticationToken loginAuthenticationToken = (OAuth2LoginAuthenticationToken) authentication;
    // REQUIRED. OpenID Connect requests MUST contain the "openid" scope value.
    if (loginAuthenticationToken.getAuthorizationExchange().getAuthorizationRequest().getScopes().contains("openid")) {
        // and let OidcAuthorizationCodeAuthenticationProvider handle it instead
        return null;
    }
    OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthenticationToken;
    try {
        authorizationCodeAuthenticationToken = (OAuth2AuthorizationCodeAuthenticationToken) this.authorizationCodeAuthenticationProvider.authenticate(new OAuth2AuthorizationCodeAuthenticationToken(loginAuthenticationToken.getClientRegistration(), loginAuthenticationToken.getAuthorizationExchange()));
    } catch (OAuth2AuthorizationException ex) {
        OAuth2Error oauth2Error = ex.getError();
        throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString(), ex);
    }
    OAuth2AccessToken accessToken = authorizationCodeAuthenticationToken.getAccessToken();
    Map<String, Object> additionalParameters = authorizationCodeAuthenticationToken.getAdditionalParameters();
    OAuth2User oauth2User = this.userService.loadUser(new OAuth2UserRequest(loginAuthenticationToken.getClientRegistration(), accessToken, additionalParameters));
    Collection<? extends GrantedAuthority> mappedAuthorities = this.authoritiesMapper.mapAuthorities(oauth2User.getAuthorities());
    OAuth2LoginAuthenticationToken authenticationResult = new OAuth2LoginAuthenticationToken(loginAuthenticationToken.getClientRegistration(), loginAuthenticationToken.getAuthorizationExchange(), oauth2User, mappedAuthorities, accessToken, authorizationCodeAuthenticationToken.getRefreshToken());
    authenticationResult.setDetails(loginAuthenticationToken.getDetails());
    return authenticationResult;
}

Example 2 with OAuth2User

use of org.springframework.security.oauth2.core.user.OAuth2User in project spring-security by spring-projects.

the class OAuth2LoginAuthenticationFilterTests method setUpAuthenticationResult.

private void setUpAuthenticationResult(ClientRegistration registration) {
    OAuth2User user = mock(OAuth2User.class);
    given(user.getName()).willReturn(this.principalName1);
    this.loginAuthentication = mock(OAuth2LoginAuthenticationToken.class);
    given(this.loginAuthentication.getPrincipal()).willReturn(user);
    given(this.loginAuthentication.getName()).willReturn(this.principalName1);
    given(this.loginAuthentication.getAuthorities()).willReturn(AuthorityUtils.createAuthorityList("ROLE_USER"));
    given(this.loginAuthentication.getClientRegistration()).willReturn(registration);
    given(this.loginAuthentication.getAuthorizationExchange()).willReturn(TestOAuth2AuthorizationExchanges.success());
    given(this.loginAuthentication.getAccessToken()).willReturn(mock(OAuth2AccessToken.class));
    given(this.loginAuthentication.getRefreshToken()).willReturn(mock(OAuth2RefreshToken.class));
    given(this.loginAuthentication.isAuthenticated()).willReturn(true);
    given(this.authenticationManager.authenticate(any(Authentication.class))).willReturn(this.loginAuthentication);
}

Example 3 with OAuth2User

use of org.springframework.security.oauth2.core.user.OAuth2User in project spring-security by spring-projects.

the class OAuth2LoginBeanDefinitionParserTests method requestWhenAuthorizationResponseValidThenAuthenticate.

@Test
public void requestWhenAuthorizationResponseValidThenAuthenticate() throws Exception {
    this.spring.configLocations(this.xml("MultiClientRegistration-WithCustomConfiguration")).autowire();
    Map<String, Object> attributes = new HashMap<>();
    attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "github-login");
    OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request().attributes(attributes).build();
    given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())).willReturn(authorizationRequest);
    OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
    given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
    OAuth2User oauth2User = TestOAuth2Users.create();
    given(this.oauth2UserService.loadUser(any())).willReturn(oauth2User);
    MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
    params.add("code", "code123");
    params.add("state", authorizationRequest.getState());
    // @formatter:off
    this.mvc.perform(get("/login/oauth2/code/github-login").params(params)).andExpect(status().is2xxSuccessful());
    // @formatter:on
    ArgumentCaptor<Authentication> authenticationCaptor = ArgumentCaptor.forClass(Authentication.class);
    verify(this.authenticationSuccessHandler).onAuthenticationSuccess(any(), any(), authenticationCaptor.capture());
    Authentication authentication = authenticationCaptor.getValue();
    assertThat(authentication.getPrincipal()).isInstanceOf(OAuth2User.class);
}

Example 4 with OAuth2User

use of org.springframework.security.oauth2.core.user.OAuth2User in project spring-security by spring-projects.

the class SecurityMockServerConfigurersOidcLoginTests method oidcUserWhenNameSpecifiedThenUserHasName.

@Test
public void oidcUserWhenNameSpecifiedThenUserHasName() throws Exception {
    OidcUser oidcUser = new DefaultOidcUser(AuthorityUtils.commaSeparatedStringToAuthorityList("SCOPE_read"), OidcIdToken.withTokenValue("id-token").claim("custom-attribute", "test-subject").build(), "custom-attribute");
    this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login().oauth2User(oidcUser)).get().uri("/token").exchange().expectStatus().isOk();
    OAuth2AuthenticationToken token = this.controller.token;
    assertThat(token.getPrincipal().getName()).isEqualTo("test-subject");
    this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login().oauth2User(oidcUser)).get().uri("/client").exchange().expectStatus().isOk();
    OAuth2AuthorizedClient client = this.controller.authorizedClient;
    assertThat(client.getPrincipalName()).isEqualTo("test-subject");
}

Example 5 with OAuth2User

use of org.springframework.security.oauth2.core.user.OAuth2User in project spring-security by spring-projects.

the class SecurityMockServerConfigurersOAuth2LoginTests method oauth2LoginWhenOAuth2UserSpecifiedThenLastCalledTakesPrecedence.

@Test
public void oauth2LoginWhenOAuth2UserSpecifiedThenLastCalledTakesPrecedence() throws Exception {
    OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("SCOPE_read"), Collections.singletonMap("sub", "subject"), "sub");
    this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login().attributes((a) -> a.put("subject", "foo")).oauth2User(oauth2User)).get().uri("/token").exchange().expectStatus().isOk();
    OAuth2AuthenticationToken token = this.controller.token;
    assertThat(token.getPrincipal().getAttributes()).containsEntry("sub", "subject");
    this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login().oauth2User(oauth2User).attributes((a) -> a.put("sub", "bar"))).get().uri("/token").exchange().expectStatus().isOk();
    token = this.controller.token;
    assertThat(token.getPrincipal().getAttributes()).containsEntry("sub", "bar");
}