Search in sources :

Example 41 with OAuth2User

use of org.springframework.security.oauth2.core.user.OAuth2User in project spring-security by spring-projects.

the class OidcUserService method loadUser.

@Override
public OidcUser loadUser(OidcUserRequest userRequest) throws OAuth2AuthenticationException {
    Assert.notNull(userRequest, "userRequest cannot be null");
    OidcUserInfo userInfo = null;
    if (this.shouldRetrieveUserInfo(userRequest)) {
        OAuth2User oauth2User = this.oauth2UserService.loadUser(userRequest);
        Map<String, Object> claims = getClaims(userRequest, oauth2User);
        userInfo = new OidcUserInfo(claims);
        // 1) The sub (subject) Claim MUST always be returned in the UserInfo Response
        if (userInfo.getSubject() == null) {
            OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE);
            throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
        }
        // the UserInfo Response values MUST NOT be used.
        if (!userInfo.getSubject().equals(userRequest.getIdToken().getSubject())) {
            OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE);
            throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
        }
    }
    Set<GrantedAuthority> authorities = new LinkedHashSet<>();
    authorities.add(new OidcUserAuthority(userRequest.getIdToken(), userInfo));
    OAuth2AccessToken token = userRequest.getAccessToken();
    for (String authority : token.getScopes()) {
        authorities.add(new SimpleGrantedAuthority("SCOPE_" + authority));
    }
    return getUser(userRequest, userInfo, authorities);
}
Also used : LinkedHashSet(java.util.LinkedHashSet) OAuth2User(org.springframework.security.oauth2.core.user.OAuth2User) OidcUserAuthority(org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) GrantedAuthority(org.springframework.security.core.GrantedAuthority) OAuth2Error(org.springframework.security.oauth2.core.OAuth2Error) OidcUserInfo(org.springframework.security.oauth2.core.oidc.OidcUserInfo) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) OAuth2AccessToken(org.springframework.security.oauth2.core.OAuth2AccessToken) OAuth2AuthenticationException(org.springframework.security.oauth2.core.OAuth2AuthenticationException)

Example 42 with OAuth2User

use of org.springframework.security.oauth2.core.user.OAuth2User in project spring-security by spring-projects.

the class CustomUserTypesOAuth2UserServiceTests method setUp.

@BeforeEach
public void setUp() throws Exception {
    this.server = new MockWebServer();
    this.server.start();
    String registrationId = "client-registration-id-1";
    // @formatter:off
    this.clientRegistrationBuilder = TestClientRegistrations.clientRegistration().registrationId(registrationId);
    // @formatter:on
    this.accessToken = TestOAuth2AccessTokens.noScopes();
    Map<String, Class<? extends OAuth2User>> customUserTypes = new HashMap<>();
    customUserTypes.put(registrationId, CustomOAuth2User.class);
    this.userService = new CustomUserTypesOAuth2UserService(customUserTypes);
}
Also used : OAuth2User(org.springframework.security.oauth2.core.user.OAuth2User) HashMap(java.util.HashMap) MockWebServer(okhttp3.mockwebserver.MockWebServer) BeforeEach(org.junit.jupiter.api.BeforeEach)

Example 43 with OAuth2User

use of org.springframework.security.oauth2.core.user.OAuth2User in project spring-security by spring-projects.

the class OidcAuthorizationCodeReactiveAuthenticationManager method authenticationResult.

private Mono<OAuth2LoginAuthenticationToken> authenticationResult(OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication, OAuth2AccessTokenResponse accessTokenResponse) {
    OAuth2AccessToken accessToken = accessTokenResponse.getAccessToken();
    ClientRegistration clientRegistration = authorizationCodeAuthentication.getClientRegistration();
    Map<String, Object> additionalParameters = accessTokenResponse.getAdditionalParameters();
    if (!additionalParameters.containsKey(OidcParameterNames.ID_TOKEN)) {
        OAuth2Error invalidIdTokenError = new OAuth2Error(INVALID_ID_TOKEN_ERROR_CODE, "Missing (required) ID Token in Token Response for Client Registration: " + clientRegistration.getRegistrationId(), null);
        return Mono.error(new OAuth2AuthenticationException(invalidIdTokenError, invalidIdTokenError.toString()));
    }
    // @formatter:off
    return createOidcToken(clientRegistration, accessTokenResponse).doOnNext((idToken) -> validateNonce(authorizationCodeAuthentication, idToken)).map((idToken) -> new OidcUserRequest(clientRegistration, accessToken, idToken, additionalParameters)).flatMap(this.userService::loadUser).map((oauth2User) -> {
        Collection<? extends GrantedAuthority> mappedAuthorities = this.authoritiesMapper.mapAuthorities(oauth2User.getAuthorities());
        return new OAuth2LoginAuthenticationToken(authorizationCodeAuthentication.getClientRegistration(), authorizationCodeAuthentication.getAuthorizationExchange(), oauth2User, mappedAuthorities, accessToken, accessTokenResponse.getRefreshToken());
    });
// @formatter:on
}
Also used : OidcUser(org.springframework.security.oauth2.core.oidc.user.OidcUser) MessageDigest(java.security.MessageDigest) OAuth2AuthorizationException(org.springframework.security.oauth2.core.OAuth2AuthorizationException) OidcParameterNames(org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames) OAuth2AuthorizationCodeAuthenticationToken(org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken) Map(java.util.Map) ReactiveAuthenticationManager(org.springframework.security.authentication.ReactiveAuthenticationManager) ReactiveOAuth2UserService(org.springframework.security.oauth2.client.userinfo.ReactiveOAuth2UserService) OAuth2AccessToken(org.springframework.security.oauth2.core.OAuth2AccessToken) ReactiveJwtDecoder(org.springframework.security.oauth2.jwt.ReactiveJwtDecoder) OAuth2LoginAuthenticationToken(org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken) OAuth2AuthorizationResponse(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse) OidcIdToken(org.springframework.security.oauth2.core.oidc.OidcIdToken) Collection(java.util.Collection) OAuth2AuthenticationException(org.springframework.security.oauth2.core.OAuth2AuthenticationException) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) Mono(reactor.core.publisher.Mono) ReactiveOAuth2AccessTokenResponseClient(org.springframework.security.oauth2.client.endpoint.ReactiveOAuth2AccessTokenResponseClient) OAuth2AccessTokenResponse(org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse) ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration) StandardCharsets(java.nio.charset.StandardCharsets) GrantedAuthority(org.springframework.security.core.GrantedAuthority) OAuth2AuthorizationCodeGrantRequest(org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest) Base64(java.util.Base64) GrantedAuthoritiesMapper(org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper) OAuth2User(org.springframework.security.oauth2.core.user.OAuth2User) ReactiveJwtDecoderFactory(org.springframework.security.oauth2.jwt.ReactiveJwtDecoderFactory) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) OAuth2Error(org.springframework.security.oauth2.core.OAuth2Error) JwtException(org.springframework.security.oauth2.jwt.JwtException) Authentication(org.springframework.security.core.Authentication) OidcUserRequest(org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest) Assert(org.springframework.util.Assert) OidcUserRequest(org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest) ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration) OAuth2AccessToken(org.springframework.security.oauth2.core.OAuth2AccessToken) OAuth2Error(org.springframework.security.oauth2.core.OAuth2Error) OAuth2AuthenticationException(org.springframework.security.oauth2.core.OAuth2AuthenticationException) OAuth2LoginAuthenticationToken(org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken)

Example 44 with OAuth2User

use of org.springframework.security.oauth2.core.user.OAuth2User in project spring-security by spring-projects.

the class OAuth2LoginReactiveAuthenticationManager method onSuccess.

private Mono<OAuth2LoginAuthenticationToken> onSuccess(OAuth2AuthorizationCodeAuthenticationToken authentication) {
    OAuth2AccessToken accessToken = authentication.getAccessToken();
    Map<String, Object> additionalParameters = authentication.getAdditionalParameters();
    OAuth2UserRequest userRequest = new OAuth2UserRequest(authentication.getClientRegistration(), accessToken, additionalParameters);
    return this.userService.loadUser(userRequest).map((oauth2User) -> {
        Collection<? extends GrantedAuthority> mappedAuthorities = this.authoritiesMapper.mapAuthorities(oauth2User.getAuthorities());
        OAuth2LoginAuthenticationToken authenticationResult = new OAuth2LoginAuthenticationToken(authentication.getClientRegistration(), authentication.getAuthorizationExchange(), oauth2User, mappedAuthorities, accessToken, authentication.getRefreshToken());
        return authenticationResult;
    });
}
Also used : OAuth2AccessToken(org.springframework.security.oauth2.core.OAuth2AccessToken) OAuth2UserRequest(org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest)

Example 45 with OAuth2User

use of org.springframework.security.oauth2.core.user.OAuth2User in project spring-security by spring-projects.

the class OAuth2AuthenticationTokenMixinTests method deserializeWhenMixinRegisteredThenDeserializes.

@Test
public void deserializeWhenMixinRegisteredThenDeserializes() throws Exception {
    // OidcUser
    OAuth2AuthenticationToken expectedAuthentication = TestOAuth2AuthenticationTokens.oidcAuthenticated();
    String json = asJson(expectedAuthentication);
    OAuth2AuthenticationToken authentication = this.mapper.readValue(json, OAuth2AuthenticationToken.class);
    assertThat(authentication.getAuthorities()).containsExactlyElementsOf(expectedAuthentication.getAuthorities());
    assertThat(authentication.getDetails()).isEqualTo(expectedAuthentication.getDetails());
    assertThat(authentication.isAuthenticated()).isEqualTo(expectedAuthentication.isAuthenticated());
    assertThat(authentication.getAuthorizedClientRegistrationId()).isEqualTo(expectedAuthentication.getAuthorizedClientRegistrationId());
    DefaultOidcUser expectedOidcUser = (DefaultOidcUser) expectedAuthentication.getPrincipal();
    DefaultOidcUser oidcUser = (DefaultOidcUser) authentication.getPrincipal();
    assertThat(oidcUser.getAuthorities().containsAll(expectedOidcUser.getAuthorities())).isTrue();
    assertThat(oidcUser.getAttributes()).containsExactlyEntriesOf(expectedOidcUser.getAttributes());
    assertThat(oidcUser.getName()).isEqualTo(expectedOidcUser.getName());
    OidcIdToken expectedIdToken = expectedOidcUser.getIdToken();
    OidcIdToken idToken = oidcUser.getIdToken();
    assertThat(idToken.getTokenValue()).isEqualTo(expectedIdToken.getTokenValue());
    assertThat(idToken.getIssuedAt()).isEqualTo(expectedIdToken.getIssuedAt());
    assertThat(idToken.getExpiresAt()).isEqualTo(expectedIdToken.getExpiresAt());
    assertThat(idToken.getClaims()).containsExactlyEntriesOf(expectedIdToken.getClaims());
    OidcUserInfo expectedUserInfo = expectedOidcUser.getUserInfo();
    OidcUserInfo userInfo = oidcUser.getUserInfo();
    assertThat(userInfo.getClaims()).containsExactlyEntriesOf(expectedUserInfo.getClaims());
    // OAuth2User
    expectedAuthentication = TestOAuth2AuthenticationTokens.authenticated();
    json = asJson(expectedAuthentication);
    authentication = this.mapper.readValue(json, OAuth2AuthenticationToken.class);
    assertThat(authentication.getAuthorities()).containsExactlyElementsOf(expectedAuthentication.getAuthorities());
    assertThat(authentication.getDetails()).isEqualTo(expectedAuthentication.getDetails());
    assertThat(authentication.isAuthenticated()).isEqualTo(expectedAuthentication.isAuthenticated());
    assertThat(authentication.getAuthorizedClientRegistrationId()).isEqualTo(expectedAuthentication.getAuthorizedClientRegistrationId());
    DefaultOAuth2User expectedOauth2User = (DefaultOAuth2User) expectedAuthentication.getPrincipal();
    DefaultOAuth2User oauth2User = (DefaultOAuth2User) authentication.getPrincipal();
    assertThat(oauth2User.getAuthorities().containsAll(expectedOauth2User.getAuthorities())).isTrue();
    assertThat(oauth2User.getAttributes()).containsExactlyEntriesOf(expectedOauth2User.getAttributes());
    assertThat(oauth2User.getName()).isEqualTo(expectedOauth2User.getName());
}
Also used : OAuth2AuthenticationToken(org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken) OidcIdToken(org.springframework.security.oauth2.core.oidc.OidcIdToken) DefaultOAuth2User(org.springframework.security.oauth2.core.user.DefaultOAuth2User) OidcUserInfo(org.springframework.security.oauth2.core.oidc.OidcUserInfo) DefaultOidcUser(org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser) Test(org.junit.jupiter.api.Test)

Aggregations

OAuth2User (org.springframework.security.oauth2.core.user.OAuth2User)46 Test (org.junit.jupiter.api.Test)37 HashMap (java.util.HashMap)22 ClientRegistration (org.springframework.security.oauth2.client.registration.ClientRegistration)16 DefaultOAuth2User (org.springframework.security.oauth2.core.user.DefaultOAuth2User)16 OAuth2AccessTokenResponse (org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse)14 OAuth2AccessToken (org.springframework.security.oauth2.core.OAuth2AccessToken)13 OAuth2AuthorizationRequest (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest)13 GrantedAuthority (org.springframework.security.core.GrantedAuthority)12 OAuth2AuthenticationException (org.springframework.security.oauth2.core.OAuth2AuthenticationException)12 Map (java.util.Map)10 SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority)10 OAuth2AuthenticationToken (org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken)10 OAuth2AuthorizedClient (org.springframework.security.oauth2.client.OAuth2AuthorizedClient)9 Authentication (org.springframework.security.core.Authentication)8 AuthorityUtils (org.springframework.security.core.authority.AuthorityUtils)8 OAuth2UserRequest (org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest)8 OAuth2Error (org.springframework.security.oauth2.core.OAuth2Error)8 Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)7 BeforeEach (org.junit.jupiter.api.BeforeEach)7