Example 1 with org.springframework.security.oauth2.server.authorization

use of org.springframework.security.oauth2.server.authorization in project spring-boot by spring-projects.

the class OAuth2ClientPropertiesRegistrationAdapterTests method getClientRegistrationsWhenUsingCommonProviderShouldAdapt.

@Test
void getClientRegistrationsWhenUsingCommonProviderShouldAdapt() {
    OAuth2ClientProperties properties = new OAuth2ClientProperties();
    OAuth2ClientProperties.Registration registration = new OAuth2ClientProperties.Registration();
    registration.setProvider("google");
    registration.setClientId("clientId");
    registration.setClientSecret("clientSecret");
    properties.getRegistration().put("registration", registration);
    Map<String, ClientRegistration> registrations = OAuth2ClientPropertiesRegistrationAdapter.getClientRegistrations(properties);
    ClientRegistration adapted = registrations.get("registration");
    ProviderDetails adaptedProvider = adapted.getProviderDetails();
    assertThat(adaptedProvider.getAuthorizationUri()).isEqualTo("https://accounts.google.com/o/oauth2/v2/auth");
    assertThat(adaptedProvider.getTokenUri()).isEqualTo("https://www.googleapis.com/oauth2/v4/token");
    UserInfoEndpoint userInfoEndpoint = adaptedProvider.getUserInfoEndpoint();
    assertThat(userInfoEndpoint.getUri()).isEqualTo("https://www.googleapis.com/oauth2/v3/userinfo");
    assertThat(userInfoEndpoint.getUserNameAttributeName()).isEqualTo(IdTokenClaimNames.SUB);
    assertThat(adaptedProvider.getJwkSetUri()).isEqualTo("https://www.googleapis.com/oauth2/v3/certs");
    assertThat(adapted.getRegistrationId()).isEqualTo("registration");
    assertThat(adapted.getClientId()).isEqualTo("clientId");
    assertThat(adapted.getClientSecret()).isEqualTo("clientSecret");
    assertThat(adapted.getClientAuthenticationMethod()).isEqualTo(org.springframework.security.oauth2.core.ClientAuthenticationMethod.CLIENT_SECRET_BASIC);
    assertThat(adapted.getAuthorizationGrantType()).isEqualTo(org.springframework.security.oauth2.core.AuthorizationGrantType.AUTHORIZATION_CODE);
    assertThat(adapted.getRedirectUri()).isEqualTo("{baseUrl}/{action}/oauth2/code/{registrationId}");
    assertThat(adapted.getScopes()).containsExactly("openid", "profile", "email");
    assertThat(adapted.getClientName()).isEqualTo("Google");
}
Also used : ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration) Registration(org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties.Registration) UserInfoEndpoint(org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails.UserInfoEndpoint) ProviderDetails(org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails) Test(org.junit.jupiter.api.Test)

Example 2 with org.springframework.security.oauth2.server.authorization

use of org.springframework.security.oauth2.server.authorization in project spring-boot by spring-projects.

the class OAuth2ClientPropertiesRegistrationAdapterTests method getClientRegistrationsWhenUsingDefinedProviderShouldAdapt.

@Test
void getClientRegistrationsWhenUsingDefinedProviderShouldAdapt() {
    OAuth2ClientProperties properties = new OAuth2ClientProperties();
    Provider provider = createProvider();
    provider.setUserInfoAuthenticationMethod("form");
    OAuth2ClientProperties.Registration registration = createRegistration("provider");
    registration.setClientName("clientName");
    properties.getRegistration().put("registration", registration);
    properties.getProvider().put("provider", provider);
    Map<String, ClientRegistration> registrations = OAuth2ClientPropertiesRegistrationAdapter.getClientRegistrations(properties);
    ClientRegistration adapted = registrations.get("registration");
    ProviderDetails adaptedProvider = adapted.getProviderDetails();
    assertThat(adaptedProvider.getAuthorizationUri()).isEqualTo("https://example.com/auth");
    assertThat(adaptedProvider.getTokenUri()).isEqualTo("https://example.com/token");
    UserInfoEndpoint userInfoEndpoint = adaptedProvider.getUserInfoEndpoint();
    assertThat(userInfoEndpoint.getUri()).isEqualTo("https://example.com/info");
    assertThat(userInfoEndpoint.getAuthenticationMethod()).isEqualTo(org.springframework.security.oauth2.core.AuthenticationMethod.FORM);
    assertThat(userInfoEndpoint.getUserNameAttributeName()).isEqualTo("sub");
    assertThat(adaptedProvider.getJwkSetUri()).isEqualTo("https://example.com/jwk");
    assertThat(adapted.getRegistrationId()).isEqualTo("registration");
    assertThat(adapted.getClientId()).isEqualTo("clientId");
    assertThat(adapted.getClientSecret()).isEqualTo("clientSecret");
    assertThat(adapted.getClientAuthenticationMethod()).isEqualTo(org.springframework.security.oauth2.core.ClientAuthenticationMethod.CLIENT_SECRET_POST);
    assertThat(adapted.getAuthorizationGrantType()).isEqualTo(org.springframework.security.oauth2.core.AuthorizationGrantType.AUTHORIZATION_CODE);
    assertThat(adapted.getRedirectUri()).isEqualTo("https://example.com/redirect");
    assertThat(adapted.getScopes()).containsExactly("user");
    assertThat(adapted.getClientName()).isEqualTo("clientName");
}
Also used : ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration) Registration(org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties.Registration) UserInfoEndpoint(org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails.UserInfoEndpoint) ProviderDetails(org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails) Provider(org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties.Provider) Test(org.junit.jupiter.api.Test)

Example 3 with org.springframework.security.oauth2.server.authorization

use of org.springframework.security.oauth2.server.authorization in project spring-boot by spring-projects.

the class OAuth2ClientPropertiesRegistrationAdapterTests method getClientRegistrationsWhenProviderNotSpecifiedShouldUseRegistrationId.

@Test
void getClientRegistrationsWhenProviderNotSpecifiedShouldUseRegistrationId() {
    OAuth2ClientProperties properties = new OAuth2ClientProperties();
    OAuth2ClientProperties.Registration registration = new OAuth2ClientProperties.Registration();
    registration.setClientId("clientId");
    registration.setClientSecret("clientSecret");
    properties.getRegistration().put("google", registration);
    Map<String, ClientRegistration> registrations = OAuth2ClientPropertiesRegistrationAdapter.getClientRegistrations(properties);
    ClientRegistration adapted = registrations.get("google");
    ProviderDetails adaptedProvider = adapted.getProviderDetails();
    assertThat(adaptedProvider.getAuthorizationUri()).isEqualTo("https://accounts.google.com/o/oauth2/v2/auth");
    assertThat(adaptedProvider.getTokenUri()).isEqualTo("https://www.googleapis.com/oauth2/v4/token");
    UserInfoEndpoint userInfoEndpoint = adaptedProvider.getUserInfoEndpoint();
    assertThat(userInfoEndpoint.getUri()).isEqualTo("https://www.googleapis.com/oauth2/v3/userinfo");
    assertThat(userInfoEndpoint.getAuthenticationMethod()).isEqualTo(org.springframework.security.oauth2.core.AuthenticationMethod.HEADER);
    assertThat(adaptedProvider.getJwkSetUri()).isEqualTo("https://www.googleapis.com/oauth2/v3/certs");
    assertThat(adapted.getRegistrationId()).isEqualTo("google");
    assertThat(adapted.getClientId()).isEqualTo("clientId");
    assertThat(adapted.getClientSecret()).isEqualTo("clientSecret");
    assertThat(adapted.getClientAuthenticationMethod()).isEqualTo(org.springframework.security.oauth2.core.ClientAuthenticationMethod.CLIENT_SECRET_BASIC);
    assertThat(adapted.getAuthorizationGrantType()).isEqualTo(org.springframework.security.oauth2.core.AuthorizationGrantType.AUTHORIZATION_CODE);
    assertThat(adapted.getRedirectUri()).isEqualTo("{baseUrl}/{action}/oauth2/code/{registrationId}");
    assertThat(adapted.getScopes()).containsExactly("openid", "profile", "email");
    assertThat(adapted.getClientName()).isEqualTo("Google");
}
Also used : ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration) Registration(org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties.Registration) UserInfoEndpoint(org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails.UserInfoEndpoint) ProviderDetails(org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails) Test(org.junit.jupiter.api.Test)

Example 4 with org.springframework.security.oauth2.server.authorization

use of org.springframework.security.oauth2.server.authorization in project spring-boot by spring-projects.

the class OAuth2ClientPropertiesRegistrationAdapterTests method getClientRegistrationsWhenUsingCommonProviderWithOverrideShouldAdapt.

@Test
void getClientRegistrationsWhenUsingCommonProviderWithOverrideShouldAdapt() {
    OAuth2ClientProperties properties = new OAuth2ClientProperties();
    OAuth2ClientProperties.Registration registration = createRegistration("google");
    registration.setClientName("clientName");
    properties.getRegistration().put("registration", registration);
    Map<String, ClientRegistration> registrations = OAuth2ClientPropertiesRegistrationAdapter.getClientRegistrations(properties);
    ClientRegistration adapted = registrations.get("registration");
    ProviderDetails adaptedProvider = adapted.getProviderDetails();
    assertThat(adaptedProvider.getAuthorizationUri()).isEqualTo("https://accounts.google.com/o/oauth2/v2/auth");
    assertThat(adaptedProvider.getTokenUri()).isEqualTo("https://www.googleapis.com/oauth2/v4/token");
    UserInfoEndpoint userInfoEndpoint = adaptedProvider.getUserInfoEndpoint();
    assertThat(userInfoEndpoint.getUri()).isEqualTo("https://www.googleapis.com/oauth2/v3/userinfo");
    assertThat(userInfoEndpoint.getUserNameAttributeName()).isEqualTo(IdTokenClaimNames.SUB);
    assertThat(userInfoEndpoint.getAuthenticationMethod()).isEqualTo(org.springframework.security.oauth2.core.AuthenticationMethod.HEADER);
    assertThat(adaptedProvider.getJwkSetUri()).isEqualTo("https://www.googleapis.com/oauth2/v3/certs");
    assertThat(adapted.getRegistrationId()).isEqualTo("registration");
    assertThat(adapted.getClientId()).isEqualTo("clientId");
    assertThat(adapted.getClientSecret()).isEqualTo("clientSecret");
    assertThat(adapted.getClientAuthenticationMethod()).isEqualTo(org.springframework.security.oauth2.core.ClientAuthenticationMethod.CLIENT_SECRET_POST);
    assertThat(adapted.getAuthorizationGrantType()).isEqualTo(org.springframework.security.oauth2.core.AuthorizationGrantType.AUTHORIZATION_CODE);
    assertThat(adapted.getRedirectUri()).isEqualTo("https://example.com/redirect");
    assertThat(adapted.getScopes()).containsExactly("user");
    assertThat(adapted.getClientName()).isEqualTo("clientName");
}
Also used : ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration) Registration(org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties.Registration) UserInfoEndpoint(org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails.UserInfoEndpoint) ProviderDetails(org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails) Test(org.junit.jupiter.api.Test)

Example 5 with org.springframework.security.oauth2.server.authorization

use of org.springframework.security.oauth2.server.authorization in project spring-security-oauth by spring-projects.

the class TokenApprovalStore method getApprovals.

/**
 * Extract the implied approvals from any tokens associated with the user and client id supplied.
 *
 * @see org.springframework.security.oauth2.provider.approval.ApprovalStore#getApprovals(java.lang.String,
 * java.lang.String)
 */
@Override
public Collection<Approval> getApprovals(String userId, String clientId) {
    Collection<Approval> result = new HashSet<Approval>();
    Collection<OAuth2AccessToken> tokens = store.findTokensByClientIdAndUserName(clientId, userId);
    for (OAuth2AccessToken token : tokens) {
        OAuth2Authentication authentication = store.readAuthentication(token);
        if (authentication != null) {
            Date expiresAt = token.getExpiration();
            for (String scope : token.getScope()) {
                result.add(new Approval(userId, clientId, scope, expiresAt, ApprovalStatus.APPROVED));
            }
        }
    }
    return result;
}
Also used : OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Date(java.util.Date) HashSet(java.util.HashSet)

Aggregations

ClientRegistration (org.springframework.security.oauth2.client.registration.ClientRegistration): 7
ProviderDetails (org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails): 5
UserInfoEndpoint (org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails.UserInfoEndpoint): 5
Test (org.junit.jupiter.api.Test): 4
Registration (org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties.Registration): 4
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication): 4
HashSet (java.util.HashSet): 3
ParseException (java.text.ParseException): 2
Date (java.util.Date): 2
Provider (org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties.Provider): 2
JWSAlgorithm (com.nimbusds.jose.JWSAlgorithm): 1
KeySourceException (com.nimbusds.jose.KeySourceException): 1
JWK (com.nimbusds.jose.jwk.JWK): 1
JWKMatcher (com.nimbusds.jose.jwk.JWKMatcher): 1
JWKSelector (com.nimbusds.jose.jwk.JWKSelector): 1
JWT (com.nimbusds.jwt.JWT): 1
JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet): 1
DecodedJwt (com.sap.cloud.security.xsuaa.jwt.DecodedJwt): 1
IOException (java.io.IOException): 1
Clock (java.time.Clock): 1