Usage of org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationConsent in the spring-projects/spring-authorization-server project.
Class OAuth2AuthorizationCodeRequestAuthenticationProviderTests, method authenticateWhenRequireAuthorizationConsentAndAllPreviouslyApprovedThenAuthorizationConsentNotRequired.
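@Test
public void authenticateWhenRequireAuthorizationConsentAndAllPreviouslyApprovedThenAuthorizationConsentNotRequired() {
    // The client is configured to require consent, but the resource owner has already
    // consented to every scope the client is registered for. The provider must therefore
    // skip the consent step and issue an authorization code directly.
    RegisteredClient registeredClient = TestRegisteredClients.registeredClient()
            .clientSettings(ClientSettings.builder().requireAuthorizationConsent(true).build())
            .build();
    when(this.registeredClientRepository.findByClientId(eq(registeredClient.getClientId())))
            .thenReturn(registeredClient);

    // Stored consent covering all of the client's registered scopes.
    OAuth2AuthorizationConsent.Builder consentBuilder =
            OAuth2AuthorizationConsent.withId(registeredClient.getId(), this.principal.getName());
    registeredClient.getScopes().forEach(consentBuilder::scope);
    OAuth2AuthorizationConsent previousAuthorizationConsent = consentBuilder.build();
    when(this.authorizationConsentService.findById(eq(registeredClient.getId()), eq(this.principal.getName())))
            .thenReturn(previousAuthorizationConsent);

    OAuth2AuthorizationCodeRequestAuthenticationToken authentication =
            authorizationCodeRequestAuthentication(registeredClient, this.principal).build();
    OAuth2AuthorizationCodeRequestAuthenticationToken authenticationResult =
            (OAuth2AuthorizationCodeRequestAuthenticationToken) this.authenticationProvider.authenticate(authentication);

    assertAuthorizationCodeRequestWithAuthorizationCodeResult(registeredClient, authentication, authenticationResult);
    // The existing consent was sufficient; the consent store must not be written to
    // (a rewrite here would silently widen or re-time-stamp what the user agreed to).
    verify(this.authorizationConsentService, never()).save(any());
}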
Usage of org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationConsent in the spring-projects/spring-authorization-server project.
Class OAuth2AuthorizationCodeRequestAuthenticationProviderTests, method authenticateWhenConsentRequestApproveNoneAndRevokePreviouslyApprovedThenAuthorizationConsentRemoved.
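@Test
public void authenticateWhenConsentRequestApproveNoneAndRevokePreviouslyApprovedThenAuthorizationConsentRemoved() {
    // The user approves none of the requested scopes and a consent customizer strips every
    // authority, which also revokes the previously granted "message.read".
    // Expected outcome: access_denied, the stored consent removed, the pending authorization
    // removed, and no (empty) consent record written back.
    String previouslyApprovedScope = "message.read";
    String requestedScope = "message.write";
    RegisteredClient registeredClient = TestRegisteredClients.registeredClient()
            .scopes(scopes -> {
                scopes.clear();
                scopes.add(previouslyApprovedScope);
                scopes.add(requestedScope);
            })
            .build();
    when(this.registeredClientRepository.findByClientId(eq(registeredClient.getClientId())))
            .thenReturn(registeredClient);

    // Pending authorization created by the initial authorization request; the consent
    // submission is correlated to it through the state parameter.
    OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient)
            .principalName(this.principal.getName())
            .build();
    OAuth2AuthorizationRequest authorizationRequest =
            authorization.getAttribute(OAuth2AuthorizationRequest.class.getName());
    OAuth2AuthorizationCodeRequestAuthenticationToken authentication =
            authorizationConsentRequestAuthentication(registeredClient, this.principal)
                    .scopes(new HashSet<>()) // No scopes approved
                    .build();
    when(this.authorizationService.findByToken(eq(authentication.getState()), eq(STATE_TOKEN_TYPE)))
            .thenReturn(authorization);

    OAuth2AuthorizationConsent previousAuthorizationConsent = OAuth2AuthorizationConsent
            .withId(authorization.getRegisteredClientId(), authorization.getPrincipalName())
            .scope(previouslyApprovedScope)
            .build();
    when(this.authorizationConsentService.findById(eq(authorization.getRegisteredClientId()), eq(authorization.getPrincipalName())))
            .thenReturn(previousAuthorizationConsent);

    // Revoke all (including previously approved)
    this.authenticationProvider.setAuthorizationConsentCustomizer(
            (authorizationConsentContext) -> authorizationConsentContext.getAuthorizationConsent().authorities(Set::clear));

    assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication))
            .isInstanceOf(OAuth2AuthorizationCodeRequestAuthenticationException.class)
            .satisfies(ex -> assertAuthenticationException(
                    (OAuth2AuthorizationCodeRequestAuthenticationException) ex,
                    OAuth2ErrorCodes.ACCESS_DENIED, OAuth2ParameterNames.CLIENT_ID,
                    authorizationRequest.getRedirectUri()));

    verify(this.authorizationConsentService).remove(eq(previousAuthorizationConsent));
    // A full revocation must delete the consent, not persist an empty one in its place.
    verify(this.authorizationConsentService, never()).save(any());
    // The pending authorization is discarded so its state value cannot be replayed.
    verify(this.authorizationService).remove(eq(authorization));
}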
Usage of org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationConsent in the spring-projects/spring-authorization-server project.
Class OAuth2AuthorizationCodeRequestAuthenticationProviderTests, method authenticateWhenConsentRequestApproveSomeAndPreviouslyApprovedThenAuthorizationConsentUpdated.
@Test
public void authenticateWhenConsentRequestApproveSomeAndPreviouslyApprovedThenAuthorizationConsentUpdated() {
    // Stored consent already holds "message.read" plus an unrelated "other.scope"; the user
    // now approves everything this request asked for. The persisted consent must become the
    // union of old and new grants, while the issued authorization carries exactly the
    // requested scopes (and not the unrelated stored grant).
    String alreadyGranted = "message.read";
    String newlyRequested = "message.write";
    String unrelatedGrant = "other.scope";

    RegisteredClient registeredClient = TestRegisteredClients.registeredClient()
            .scopes(clientScopes -> {
                clientScopes.clear();
                clientScopes.add(alreadyGranted);
                clientScopes.add(newlyRequested);
            })
            .build();
    when(this.registeredClientRepository.findByClientId(eq(registeredClient.getClientId())))
            .thenReturn(registeredClient);

    // Pending authorization from the initial request, looked up via the state parameter.
    OAuth2Authorization pending = TestOAuth2Authorizations.authorization(registeredClient)
            .principalName(this.principal.getName())
            .build();
    OAuth2AuthorizationRequest originalRequest = pending.getAttribute(OAuth2AuthorizationRequest.class.getName());
    Set<String> requestedScopes = originalRequest.getScopes();

    OAuth2AuthorizationCodeRequestAuthenticationToken consentSubmission =
            authorizationConsentRequestAuthentication(registeredClient, this.principal)
                    .scopes(requestedScopes) // approve every requested scope
                    .build();
    when(this.authorizationService.findByToken(eq(consentSubmission.getState()), eq(STATE_TOKEN_TYPE)))
            .thenReturn(pending);

    OAuth2AuthorizationConsent storedConsent = OAuth2AuthorizationConsent
            .withId(pending.getRegisteredClientId(), pending.getPrincipalName())
            .scope(alreadyGranted)
            .scope(unrelatedGrant)
            .build();
    when(this.authorizationConsentService.findById(eq(pending.getRegisteredClientId()), eq(pending.getPrincipalName())))
            .thenReturn(storedConsent);

    OAuth2AuthorizationCodeRequestAuthenticationToken result =
            (OAuth2AuthorizationCodeRequestAuthenticationToken) this.authenticationProvider.authenticate(consentSubmission);

    // Consent store: previous grants are retained and the new grant is added.
    ArgumentCaptor<OAuth2AuthorizationConsent> consentCaptor = ArgumentCaptor.forClass(OAuth2AuthorizationConsent.class);
    verify(this.authorizationConsentService).save(consentCaptor.capture());
    OAuth2AuthorizationConsent savedConsent = consentCaptor.getValue();
    assertThat(savedConsent.getRegisteredClientId()).isEqualTo(storedConsent.getRegisteredClientId());
    assertThat(savedConsent.getPrincipalName()).isEqualTo(storedConsent.getPrincipalName());
    assertThat(savedConsent.getScopes()).containsExactlyInAnyOrder(alreadyGranted, unrelatedGrant, newlyRequested);

    // Authorization: scoped to this request only, both on the persisted record and on the result.
    ArgumentCaptor<OAuth2Authorization> authorizationCaptor = ArgumentCaptor.forClass(OAuth2Authorization.class);
    verify(this.authorizationService).save(authorizationCaptor.capture());
    OAuth2Authorization savedAuthorization = authorizationCaptor.getValue();
    assertThat(savedAuthorization.<Set<String>>getAttribute(OAuth2Authorization.AUTHORIZED_SCOPE_ATTRIBUTE_NAME))
            .isEqualTo(requestedScopes);
    assertThat(result.getScopes()).isEqualTo(requestedScopes);
}
Usage of org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationConsent in the spring-projects/spring-authorization-server project.
Class OAuth2AuthorizationCodeRequestAuthenticationProviderTests, method authenticateWhenConsentRequestApproveNoneAndPreviouslyApprovedThenAuthorizationConsentNotUpdated.
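@Test
public void authenticateWhenConsentRequestApproveNoneAndPreviouslyApprovedThenAuthorizationConsentNotUpdated() {
    // The user approves none of the newly requested scopes, but "message.read" was granted
    // earlier. The provider must fall back to the existing consent: nothing written to or
    // removed from the consent store, and the authorization limited to the previously
    // approved scope. The un-approved "message.write" must not leak onto the result or
    // onto the persisted authorization that the code is later exchanged against.
    String previouslyApprovedScope = "message.read";
    String requestedScope = "message.write";
    RegisteredClient registeredClient = TestRegisteredClients.registeredClient()
            .scopes(scopes -> {
                scopes.clear();
                scopes.add(previouslyApprovedScope);
                scopes.add(requestedScope);
            })
            .build();
    when(this.registeredClientRepository.findByClientId(eq(registeredClient.getClientId())))
            .thenReturn(registeredClient);

    // Pending authorization from the initial request, correlated through the state parameter.
    OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient)
            .principalName(this.principal.getName())
            .build();
    OAuth2AuthorizationCodeRequestAuthenticationToken authentication =
            authorizationConsentRequestAuthentication(registeredClient, this.principal)
                    .scopes(new HashSet<>()) // No scopes approved
                    .build();
    when(this.authorizationService.findByToken(eq(authentication.getState()), eq(STATE_TOKEN_TYPE)))
            .thenReturn(authorization);

    OAuth2AuthorizationConsent previousAuthorizationConsent = OAuth2AuthorizationConsent
            .withId(authorization.getRegisteredClientId(), authorization.getPrincipalName())
            .scope(previouslyApprovedScope)
            .build();
    when(this.authorizationConsentService.findById(eq(authorization.getRegisteredClientId()), eq(authorization.getPrincipalName())))
            .thenReturn(previousAuthorizationConsent);

    OAuth2AuthorizationCodeRequestAuthenticationToken authenticationResult =
            (OAuth2AuthorizationCodeRequestAuthenticationToken) this.authenticationProvider.authenticate(authentication);

    // Consent store untouched: nothing new approved, nothing revoked.
    verify(this.authorizationConsentService, never()).save(any());
    verify(this.authorizationConsentService, never()).remove(any());

    // Result is restricted to what was previously consented to.
    assertThat(authenticationResult.getScopes()).isEqualTo(Collections.singleton(previouslyApprovedScope));

    // The same restriction must hold on the persisted authorization, which is what the
    // token endpoint will read back when the code is redeemed.
    ArgumentCaptor<OAuth2Authorization> authorizationCaptor = ArgumentCaptor.forClass(OAuth2Authorization.class);
    verify(this.authorizationService).save(authorizationCaptor.capture());
    OAuth2Authorization updatedAuthorization = authorizationCaptor.getValue();
    assertThat(updatedAuthorization.<Set<String>>getAttribute(OAuth2Authorization.AUTHORIZED_SCOPE_ATTRIBUTE_NAME))
            .containsExactly(previouslyApprovedScope);
}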
Usage of org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationConsent in the spring-projects/spring-authorization-server project.
Class JdbcOAuth2AuthorizationConsentServiceTests, method saveWhenAuthorizationConsentNewThenSaved.
@Test
public void saveWhenAuthorizationConsentNewThenSaved() {
    // A consent for a (registered client, principal) pair that has never been stored
    // must round-trip through the JDBC store and read back equal to what was saved.
    String clientId = "new-client";
    String principalName = "new-principal";

    // The JDBC service resolves the client on save/load, so the repository must know it.
    RegisteredClient newRegisteredClient = TestRegisteredClients.registeredClient().id(clientId).build();
    when(this.registeredClientRepository.findById(eq(newRegisteredClient.getId()))).thenReturn(newRegisteredClient);

    OAuth2AuthorizationConsent expectedAuthorizationConsent = OAuth2AuthorizationConsent
            .withId(clientId, principalName)
            .authority(new SimpleGrantedAuthority("new.authority"))
            .build();
    this.authorizationConsentService.save(expectedAuthorizationConsent);

    OAuth2AuthorizationConsent loadedAuthorizationConsent =
            this.authorizationConsentService.findById(clientId, principalName);
    assertThat(loadedAuthorizationConsent).isEqualTo(expectedAuthorizationConsent);
}