Use of org.springframework.security.oauth2.server.authorization.OAuth2Authorization in the project spring-authorization-server (spring-projects):
class OidcUserInfoTests, method requestWhenUserInfoRequestThenBearerTokenAuthenticationNotPersisted.
// gh-482
@Test
public void requestWhenUserInfoRequestThenBearerTokenAuthenticationNotPersisted() throws Exception {
    this.spring.register(AuthorizationServerConfigurationWithSecurityContextRepository.class).autowire();

    // Persist an authorization so that the bearer token presented below resolves to a known grant.
    OAuth2Authorization authorization = createAuthorization();
    this.authorizationService.save(authorization);
    String tokenValue = authorization.getAccessToken().getToken().getTokenValue();

    // @formatter:off
    this.mvc.perform(get(DEFAULT_OIDC_USER_INFO_ENDPOINT_URI)
                    .header(HttpHeaders.AUTHORIZATION, "Bearer " + tokenValue))
            .andExpect(status().is2xxSuccessful())
            .andExpect(userInfoResponse());
    // @formatter:on

    // Regression check for gh-482: the userinfo request is authenticated per request by the bearer
    // token, so the resulting authentication must never be written to the SecurityContextRepository
    // (which would otherwise let a token-derived authentication outlive the request it came in on).
    verify(securityContextRepository, never()).saveContext(any(), any(), any());
}
Use of org.springframework.security.oauth2.server.authorization.OAuth2Authorization in the project spring-authorization-server (spring-projects):
class OAuth2AuthorizationCodeGrantTests, method requestWhenConfidentialClientWithPkceAndMissingCodeVerifierThenBadRequest.
@Test
public void requestWhenConfidentialClientWithPkceAndMissingCodeVerifierThenBadRequest() throws Exception {
    this.spring.register(AuthorizationServerConfiguration.class).autowire();

    RegisteredClient confidentialClient = TestRegisteredClients.registeredClient().build();
    this.registeredClientRepository.save(confidentialClient);

    // The client opts into PKCE by sending an S256 code_challenge with the authorization request.
    MvcResult authorizationResult = this.mvc.perform(get(DEFAULT_AUTHORIZATION_ENDPOINT_URI)
                    .params(getAuthorizationRequestParameters(confidentialClient))
                    .param(PkceParameterNames.CODE_CHALLENGE, S256_CODE_CHALLENGE)
                    .param(PkceParameterNames.CODE_CHALLENGE_METHOD, "S256")
                    .with(user("user")))
            .andExpect(status().is3xxRedirection())
            .andReturn();
    String redirectedUrl = authorizationResult.getResponse().getRedirectedUrl();
    // Redirect goes to the registered redirect URI, echoes the request's state and carries a code
    // of at least 15 characters.
    assertThat(redirectedUrl).matches("https://example.com\\?code=.{15,}&state=state");

    String code = extractParameterFromRedirectUri(redirectedUrl, "code");
    OAuth2Authorization codeAuthorization = this.authorizationService.findByToken(code, AUTHORIZATION_CODE_TOKEN_TYPE);
    assertThat(codeAuthorization).isNotNull();
    assertThat(codeAuthorization.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);

    // The token request authenticates the client (Basic Authorization header plus client_id) but
    // omits code_verifier. Valid client credentials must not excuse the missing PKCE proof: a code
    // issued against a code_challenge is only redeemable with the matching verifier, so the
    // exchange has to be rejected with 400 rather than downgraded to a plain code exchange.
    this.mvc.perform(post(DEFAULT_TOKEN_ENDPOINT_URI)
                    .params(getTokenRequestParameters(confidentialClient, codeAuthorization))
                    .param(OAuth2ParameterNames.CLIENT_ID, confidentialClient.getClientId())
                    .header(HttpHeaders.AUTHORIZATION, getAuthorizationHeader(confidentialClient)))
            .andExpect(status().isBadRequest());
}
Use of org.springframework.security.oauth2.server.authorization.OAuth2Authorization in the project spring-authorization-server (spring-projects):
class OAuth2AuthorizationCodeGrantTests, helper method assertAuthorizationRequestRedirectsToClient.
/**
 * Sends an authorization request to {@code authorizationEndpointUri} for a freshly registered
 * client and checks that the user is redirected back to the client's redirect URI with an
 * authorization code that the {@code authorizationService} can resolve.
 *
 * @param authorizationEndpointUri the authorization endpoint under test (default or customized)
 */
private void assertAuthorizationRequestRedirectsToClient(String authorizationEndpointUri) throws Exception {
    RegisteredClient client = TestRegisteredClients.registeredClient().build();
    this.registeredClientRepository.save(client);

    MvcResult result = this.mvc.perform(get(authorizationEndpointUri)
                    .params(getAuthorizationRequestParameters(client))
                    .with(user("user")))
            .andExpect(status().is3xxRedirection())
            .andReturn();

    // The redirect must target the registered redirect URI, echo the request's state verbatim
    // and carry a code of at least 15 characters.
    String location = result.getResponse().getRedirectedUrl();
    assertThat(location).matches("https://example.com\\?code=.{15,}&state=state");

    // The code handed to the client must be the one the server stored for the authorization_code grant.
    String code = extractParameterFromRedirectUri(location, "code");
    OAuth2Authorization stored = this.authorizationService.findByToken(code, AUTHORIZATION_CODE_TOKEN_TYPE);
    assertThat(stored).isNotNull();
    assertThat(stored.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
}
Use of org.springframework.security.oauth2.server.authorization.OAuth2Authorization in the project spring-authorization-server (spring-projects):
class OAuth2AuthorizationCodeGrantTests, method requestWhenPublicClientWithPkceThenReturnAccessTokenResponse.
@Test
public void requestWhenPublicClientWithPkceThenReturnAccessTokenResponse() throws Exception {
    this.spring.register(AuthorizationServerConfiguration.class).autowire();

    RegisteredClient publicClient = TestRegisteredClients.registeredPublicClient().build();
    this.registeredClientRepository.save(publicClient);

    // Authorization request with an S256 code_challenge: the issued code is bound to the verifier.
    MvcResult authorizationResult = this.mvc.perform(get(DEFAULT_AUTHORIZATION_ENDPOINT_URI)
                    .params(getAuthorizationRequestParameters(publicClient))
                    .param(PkceParameterNames.CODE_CHALLENGE, S256_CODE_CHALLENGE)
                    .param(PkceParameterNames.CODE_CHALLENGE_METHOD, "S256")
                    .with(user("user")))
            .andExpect(status().is3xxRedirection())
            .andReturn();
    String redirectedUrl = authorizationResult.getResponse().getRedirectedUrl();
    assertThat(redirectedUrl).matches("https://example.com\\?code=.{15,}&state=state");

    String code = extractParameterFromRedirectUri(redirectedUrl, "code");
    OAuth2Authorization codeAuthorization = this.authorizationService.findByToken(code, AUTHORIZATION_CODE_TOKEN_TYPE);
    assertThat(codeAuthorization).isNotNull();
    assertThat(codeAuthorization.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);

    // Token request for a public client: no client credentials are sent; the client identifies
    // itself with client_id and proves possession of the code with the matching code_verifier.
    this.mvc.perform(post(DEFAULT_TOKEN_ENDPOINT_URI)
                    .params(getTokenRequestParameters(publicClient, codeAuthorization))
                    .param(OAuth2ParameterNames.CLIENT_ID, publicClient.getClientId())
                    .param(PkceParameterNames.CODE_VERIFIER, S256_CODE_VERIFIER))
            // Token responses must not be cached (RFC 6749 section 5.1).
            .andExpect(header().string(HttpHeaders.CACHE_CONTROL, containsString("no-store")))
            .andExpect(header().string(HttpHeaders.PRAGMA, containsString("no-cache")))
            .andExpect(status().isOk())
            .andExpect(jsonPath("$.access_token").isNotEmpty())
            .andExpect(jsonPath("$.token_type").isNotEmpty())
            .andExpect(jsonPath("$.expires_in").isNotEmpty())
            // This public client receives no refresh token.
            .andExpect(jsonPath("$.refresh_token").doesNotExist())
            .andExpect(jsonPath("$.scope").isNotEmpty());

    // The same authorization record now carries the access token ...
    OAuth2Authorization updated = this.authorizationService.findById(codeAuthorization.getId());
    assertThat(updated).isNotNull();
    assertThat(updated.getAccessToken()).isNotNull();
    // ... and the authorization code is flagged invalidated, so a replay of the code is refused.
    OAuth2Authorization.Token<OAuth2AuthorizationCode> codeToken = updated.getToken(OAuth2AuthorizationCode.class);
    assertThat(codeToken).isNotNull();
    assertThat(codeToken.getMetadata().get(OAuth2Authorization.Token.INVALIDATED_METADATA_NAME)).isEqualTo(true);
}
Use of org.springframework.security.oauth2.server.authorization.OAuth2Authorization in the project spring-authorization-server (spring-projects):
class OAuth2AuthorizationCodeGrantTests, method requestWhenConsentRequestThenReturnAccessTokenResponse.
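@Test
public void requestWhenConsentRequestThenReturnAccessTokenResponse() throws Exception {
    this.spring.register(AuthorizationServerConfiguration.class).autowire();

    // A client that requires user consent and is registered for exactly the two scopes approved below.
    RegisteredClient registeredClient = TestRegisteredClients.registeredClient()
            .scopes(scopes -> {
                scopes.clear();
                scopes.add("message.read");
                scopes.add("message.write");
            })
            .clientSettings(ClientSettings.builder().requireAuthorizationConsent(true).build())
            .build();
    this.registeredClientRepository.save(registeredClient);

    // Pre-stage the pending authorization for principal "user"; presumably this is what the consent
    // POST's state parameter is resolved against (TestOAuth2Authorizations is not visible here).
    OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient)
            .principalName("user")
            .build();
    this.authorizationService.save(authorization);

    // Consent submission: POST to the authorization endpoint with client_id, the approved scopes and state.
    MvcResult mvcResult = this.mvc.perform(post(DEFAULT_AUTHORIZATION_ENDPOINT_URI)
                    .param(OAuth2ParameterNames.CLIENT_ID, registeredClient.getClientId())
                    .param(OAuth2ParameterNames.SCOPE, "message.read")
                    .param(OAuth2ParameterNames.SCOPE, "message.write")
                    .param(OAuth2ParameterNames.STATE, "state")
                    .with(user("user")))
            .andExpect(status().is3xxRedirection())
            .andReturn();
    String redirectedUrl = mvcResult.getResponse().getRedirectedUrl();
    assertThat(redirectedUrl).matches("https://example.com\\?code=.{15,}&state=state");

    String authorizationCode = extractParameterFromRedirectUri(redirectedUrl, "code");
    OAuth2Authorization authorizationCodeAuthorization = this.authorizationService.findByToken(authorizationCode, AUTHORIZATION_CODE_TOKEN_TYPE);
    // Fail with a clear assertion message instead of an NPE inside getTokenRequestParameters(),
    // and pin the grant type the same way the other authorization-code tests in this class do.
    assertThat(authorizationCodeAuthorization).isNotNull();
    assertThat(authorizationCodeAuthorization.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);

    // Confidential client: authenticates at the token endpoint with the Basic Authorization header.
    this.mvc.perform(post(DEFAULT_TOKEN_ENDPOINT_URI)
                    .params(getTokenRequestParameters(registeredClient, authorizationCodeAuthorization))
                    .header(HttpHeaders.AUTHORIZATION, getAuthorizationHeader(registeredClient)))
            .andExpect(status().isOk())
            // Token responses must not be cached (RFC 6749 section 5.1).
            .andExpect(header().string(HttpHeaders.CACHE_CONTROL, containsString("no-store")))
            .andExpect(header().string(HttpHeaders.PRAGMA, containsString("no-cache")))
            .andExpect(jsonPath("$.access_token").isNotEmpty())
            .andExpect(jsonPath("$.token_type").isNotEmpty())
            .andExpect(jsonPath("$.expires_in").isNotEmpty())
            .andExpect(jsonPath("$.refresh_token").isNotEmpty())
            .andExpect(jsonPath("$.scope").isNotEmpty());
}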