Examples with OAuth2Authorization org.springframework.security.oauth2.server.authorization.OAuth2Authorization used on opensource projects

Example 16 with OAuth2Authorization

use of org.springframework.security.oauth2.server.authorization.OAuth2Authorization in project spring-authorization-server by spring-projects.

the class OAuth2AuthorizationCodeAuthenticationProviderTests method authenticateWhenRefreshTokenGrantNotConfiguredThenRefreshTokenNotIssued.

@Test
public void authenticateWhenRefreshTokenGrantNotConfiguredThenRefreshTokenNotIssued() {
    RegisteredClient registeredClient = TestRegisteredClients.registeredClient().authorizationGrantTypes(grantTypes -> grantTypes.remove(AuthorizationGrantType.REFRESH_TOKEN)).build();
    OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build();
    when(this.authorizationService.findByToken(eq(AUTHORIZATION_CODE), eq(AUTHORIZATION_CODE_TOKEN_TYPE))).thenReturn(authorization);
    OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret());
    OAuth2AuthorizationRequest authorizationRequest = authorization.getAttribute(OAuth2AuthorizationRequest.class.getName());
    OAuth2AuthorizationCodeAuthenticationToken authentication = new OAuth2AuthorizationCodeAuthenticationToken(AUTHORIZATION_CODE, clientPrincipal, authorizationRequest.getRedirectUri(), null);
    when(this.jwtEncoder.encode(any(), any())).thenReturn(createJwt());
    OAuth2AccessTokenAuthenticationToken accessTokenAuthentication = (OAuth2AccessTokenAuthenticationToken) this.authenticationProvider.authenticate(authentication);
    assertThat(accessTokenAuthentication.getRefreshToken()).isNull();
}

Example 17 with OAuth2Authorization

use of org.springframework.security.oauth2.server.authorization.OAuth2Authorization in project spring-authorization-server by spring-projects.

the class OAuth2AuthorizationCodeAuthenticationProviderTests method authenticateWhenIdTokenNotGeneratedThenThrowOAuth2AuthenticationException.

@Test
public void authenticateWhenIdTokenNotGeneratedThenThrowOAuth2AuthenticationException() {
    RegisteredClient registeredClient = TestRegisteredClients.registeredClient().scope(OidcScopes.OPENID).build();
    OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build();
    when(this.authorizationService.findByToken(eq(AUTHORIZATION_CODE), eq(AUTHORIZATION_CODE_TOKEN_TYPE))).thenReturn(authorization);
    OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret());
    OAuth2AuthorizationRequest authorizationRequest = authorization.getAttribute(OAuth2AuthorizationRequest.class.getName());
    OAuth2AuthorizationCodeAuthenticationToken authentication = new OAuth2AuthorizationCodeAuthenticationToken(AUTHORIZATION_CODE, clientPrincipal, authorizationRequest.getRedirectUri(), null);
    when(this.jwtEncoder.encode(any(), any())).thenReturn(createJwt());
    doAnswer(answer -> {
        OAuth2TokenContext context = answer.getArgument(0);
        if (OidcParameterNames.ID_TOKEN.equals(context.getTokenType().getValue())) {
            return null;
        } else {
            return answer.callRealMethod();
        }
    }).when(this.tokenGenerator).generate(any());
    assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication)).isInstanceOf(OAuth2AuthenticationException.class).extracting(ex -> ((OAuth2AuthenticationException) ex).getError()).satisfies(error -> {
        assertThat(error.getErrorCode()).isEqualTo(OAuth2ErrorCodes.SERVER_ERROR);
        assertThat(error.getDescription()).contains("The token generator failed to generate the ID token.");
    });
}

Example 18 with OAuth2Authorization

use of org.springframework.security.oauth2.server.authorization.OAuth2Authorization in project spring-authorization-server by spring-projects.

the class OAuth2AuthorizationCodeAuthenticationProviderTests method authenticateWhenExpiredCodeThenThrowOAuth2AuthenticationException.

// gh-290
@Test
public void authenticateWhenExpiredCodeThenThrowOAuth2AuthenticationException() {
    RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
    OAuth2AuthorizationCode authorizationCode = new OAuth2AuthorizationCode(AUTHORIZATION_CODE, Instant.now().minusSeconds(300), Instant.now().minusSeconds(60));
    OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).token(authorizationCode).build();
    when(this.authorizationService.findByToken(eq(AUTHORIZATION_CODE), eq(AUTHORIZATION_CODE_TOKEN_TYPE))).thenReturn(authorization);
    OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret());
    OAuth2AuthorizationRequest authorizationRequest = authorization.getAttribute(OAuth2AuthorizationRequest.class.getName());
    OAuth2AuthorizationCodeAuthenticationToken authentication = new OAuth2AuthorizationCodeAuthenticationToken(AUTHORIZATION_CODE, clientPrincipal, authorizationRequest.getRedirectUri(), null);
    assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication)).isInstanceOf(OAuth2AuthenticationException.class).extracting(ex -> ((OAuth2AuthenticationException) ex).getError()).extracting("errorCode").isEqualTo(OAuth2ErrorCodes.INVALID_GRANT);
}

Example 19 with OAuth2Authorization

use of org.springframework.security.oauth2.server.authorization.OAuth2Authorization in project spring-authorization-server by spring-projects.

the class OAuth2AuthorizationCodeAuthenticationProviderTests method authenticateWhenCodeIssuedToAnotherClientThenThrowOAuth2AuthenticationException.

@Test
public void authenticateWhenCodeIssuedToAnotherClientThenThrowOAuth2AuthenticationException() {
    OAuth2Authorization authorization = TestOAuth2Authorizations.authorization().build();
    when(this.authorizationService.findByToken(eq(AUTHORIZATION_CODE), eq(AUTHORIZATION_CODE_TOKEN_TYPE))).thenReturn(authorization);
    RegisteredClient registeredClient = TestRegisteredClients.registeredClient2().build();
    OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret());
    OAuth2AuthorizationCodeAuthenticationToken authentication = new OAuth2AuthorizationCodeAuthenticationToken(AUTHORIZATION_CODE, clientPrincipal, null, null);
    assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication)).isInstanceOf(OAuth2AuthenticationException.class).extracting(ex -> ((OAuth2AuthenticationException) ex).getError()).extracting("errorCode").isEqualTo(OAuth2ErrorCodes.INVALID_GRANT);
    ArgumentCaptor<OAuth2Authorization> authorizationCaptor = ArgumentCaptor.forClass(OAuth2Authorization.class);
    verify(this.authorizationService).save(authorizationCaptor.capture());
    OAuth2Authorization updatedAuthorization = authorizationCaptor.getValue();
    OAuth2Authorization.Token<OAuth2AuthorizationCode> authorizationCode = updatedAuthorization.getToken(OAuth2AuthorizationCode.class);
    assertThat(authorizationCode.isInvalidated()).isTrue();
}

Example 20 with OAuth2Authorization

use of org.springframework.security.oauth2.server.authorization.OAuth2Authorization in project spring-authorization-server by spring-projects.

the class OAuth2AuthorizationCodeAuthenticationProviderTests method authenticateWhenInvalidRedirectUriThenThrowOAuth2AuthenticationException.

@Test
public void authenticateWhenInvalidRedirectUriThenThrowOAuth2AuthenticationException() {
    RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
    OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build();
    when(this.authorizationService.findByToken(eq(AUTHORIZATION_CODE), eq(AUTHORIZATION_CODE_TOKEN_TYPE))).thenReturn(authorization);
    OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret());
    OAuth2AuthorizationRequest authorizationRequest = authorization.getAttribute(OAuth2AuthorizationRequest.class.getName());
    OAuth2AuthorizationCodeAuthenticationToken authentication = new OAuth2AuthorizationCodeAuthenticationToken(AUTHORIZATION_CODE, clientPrincipal, authorizationRequest.getRedirectUri() + "-invalid", null);
    assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication)).isInstanceOf(OAuth2AuthenticationException.class).extracting(ex -> ((OAuth2AuthenticationException) ex).getError()).extracting("errorCode").isEqualTo(OAuth2ErrorCodes.INVALID_GRANT);
}