use of org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationConsent in project spring-authorization-server by spring-projects.
the class OAuth2AuthorizationCodeRequestAuthenticationProviderTests method assertAuthorizationConsentRequestWithAuthorizationCodeResult.
/**
 * Verifies the outcome of a consent submission that ends in an authorization code: the consent
 * that was saved, the authorization that was saved, and the returned authentication token.
 *
 * @param registeredClient the client the request was made for
 * @param authorization the authorization as it was before the provider ran; it must carry the
 *        original {@link OAuth2AuthorizationRequest} as an attribute
 * @param authenticationResult the token returned by the provider under test
 */
private void assertAuthorizationConsentRequestWithAuthorizationCodeResult(
        RegisteredClient registeredClient,
        OAuth2Authorization authorization,
        OAuth2AuthorizationCodeRequestAuthenticationToken authenticationResult) {
    // The scopes of the stored authorization request are the baseline for every scope check below.
    OAuth2AuthorizationRequest pendingRequest =
            authorization.getAttribute(OAuth2AuthorizationRequest.class.getName());
    Set<String> expectedScopes = pendingRequest.getScopes();

    // --- consent handed to the consent service ---
    ArgumentCaptor<OAuth2AuthorizationConsent> consentCaptor =
            ArgumentCaptor.forClass(OAuth2AuthorizationConsent.class);
    verify(this.authorizationConsentService).save(consentCaptor.capture());
    OAuth2AuthorizationConsent savedConsent = consentCaptor.getValue();

    // The consent must be bound to the same client and principal as the authorization.
    assertThat(savedConsent.getRegisteredClientId()).isEqualTo(authorization.getRegisteredClientId());
    assertThat(savedConsent.getPrincipalName()).isEqualTo(authorization.getPrincipalName());
    // Exactly as many authorities as scopes, and no scope beyond the requested ones.
    assertThat(savedConsent.getAuthorities()).hasSize(expectedScopes.size());
    assertThat(savedConsent.getScopes()).containsExactlyInAnyOrderElementsOf(expectedScopes);

    // --- authorization handed to the authorization service ---
    ArgumentCaptor<OAuth2Authorization> savedAuthorizationCaptor =
            ArgumentCaptor.forClass(OAuth2Authorization.class);
    verify(this.authorizationService).save(savedAuthorizationCaptor.capture());
    OAuth2Authorization savedAuthorization = savedAuthorizationCaptor.getValue();

    assertThat(savedAuthorization.getRegisteredClientId()).isEqualTo(authorization.getRegisteredClientId());
    assertThat(savedAuthorization.getPrincipalName()).isEqualTo(authorization.getPrincipalName());
    assertThat(savedAuthorization.getAuthorizationGrantType()).isEqualTo(authorization.getAuthorizationGrantType());
    assertThat(savedAuthorization.<Authentication>getAttribute(Principal.class.getName()))
            .isEqualTo(authorization.<Authentication>getAttribute(Principal.class.getName()));
    assertThat(savedAuthorization.<OAuth2AuthorizationRequest>getAttribute(OAuth2AuthorizationRequest.class.getName()))
            .isEqualTo(pendingRequest);

    OAuth2Authorization.Token<OAuth2AuthorizationCode> issuedCode =
            savedAuthorization.getToken(OAuth2AuthorizationCode.class);
    assertThat(issuedCode).isNotNull();
    // The state attribute must be gone from the saved authorization once a code exists.
    // NOTE(review): presumably so the consent state cannot be replayed; confirm against the provider.
    assertThat(savedAuthorization.<String>getAttribute(OAuth2ParameterNames.STATE)).isNull();
    assertThat(savedAuthorization.<Set<String>>getAttribute(OAuth2Authorization.AUTHORIZED_SCOPE_ATTRIBUTE_NAME))
            .isEqualTo(expectedScopes);

    // --- token returned to the caller ---
    assertThat(authenticationResult.getClientId()).isEqualTo(registeredClient.getClientId());
    assertThat(authenticationResult.getPrincipal()).isEqualTo(this.principal);
    assertThat(authenticationResult.getAuthorizationUri()).isEqualTo(pendingRequest.getAuthorizationUri());
    // The redirect URI and state are compared with the stored request, not with anything resubmitted.
    assertThat(authenticationResult.getRedirectUri()).isEqualTo(pendingRequest.getRedirectUri());
    assertThat(authenticationResult.getScopes()).isEqualTo(expectedScopes);
    assertThat(authenticationResult.getState()).isEqualTo(pendingRequest.getState());
    // The code in the response must be the very code that was persisted.
    assertThat(authenticationResult.getAuthorizationCode()).isEqualTo(issuedCode.getToken());
    assertThat(authenticationResult.isAuthenticated()).isTrue();
}
use of org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationConsent in project spring-authorization-server by spring-projects.
the class AuthorizationConsentController method consent.
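/**
 * Renders the consent page for an authorization request, splitting the requested scopes into
 * those the user still has to approve and those already approved for this client.
 *
 * <p>{@code clientId}, {@code scope} and {@code state} are taken directly from the query string.
 * This method does not compare them with the client's registered scopes or with a pending
 * authorization, so the page is display-only: whichever endpoint receives the submitted consent
 * has to validate the state and scopes itself, and the view has to output-encode these values.
 *
 * @param principal the authenticated user
 * @param model the view model to populate
 * @param clientId the {@code client_id} request parameter
 * @param scope the space-delimited {@code scope} request parameter
 * @param state the {@code state} request parameter, passed through to the view unchanged
 * @return the name of the consent view
 * @throws IllegalArgumentException if no client is registered under {@code clientId}
 */
@GetMapping(value = "/oauth2/consent")
public String consent(Principal principal, Model model,
        @RequestParam(OAuth2ParameterNames.CLIENT_ID) String clientId,
        @RequestParam(OAuth2ParameterNames.SCOPE) String scope,
        @RequestParam(OAuth2ParameterNames.STATE) String state) {
    RegisteredClient registeredClient = this.registeredClientRepository.findByClientId(clientId);
    if (registeredClient == null) {
        // The endpoint can be requested directly with an arbitrary client_id; fail with a
        // descriptive error instead of a NullPointerException on getId() below. The raw
        // parameter is deliberately not echoed in the message.
        throw new IllegalArgumentException("Unknown client_id");
    }

    OAuth2AuthorizationConsent currentAuthorizationConsent =
            this.authorizationConsentService.findById(registeredClient.getId(), principal.getName());
    Set<String> authorizedScopes;
    if (currentAuthorizationConsent != null) {
        authorizedScopes = currentAuthorizationConsent.getScopes();
    } else {
        // No earlier consent for this client/user pair: every requested scope needs approval.
        authorizedScopes = Collections.emptySet();
    }

    // Remove scopes that were already approved
    Set<String> scopesToApprove = new HashSet<>();
    Set<String> previouslyApprovedScopes = new HashSet<>();
    for (String requestedScope : StringUtils.delimitedListToStringArray(scope, " ")) {
        if (authorizedScopes.contains(requestedScope)) {
            previouslyApprovedScopes.add(requestedScope);
        } else {
            scopesToApprove.add(requestedScope);
        }
    }

    model.addAttribute("clientId", clientId);
    model.addAttribute("state", state);
    model.addAttribute("scopes", withDescription(scopesToApprove));
    model.addAttribute("previouslyApprovedScopes", withDescription(previouslyApprovedScopes));
    model.addAttribute("principalName", principal.getName());
    return "consent";
}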
use of org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationConsent in project herodotus-engine by herodotus-cloud.
the class ConsentController method consent.
/**
 * Consent page: the page on which the user confirms the scopes a client is requesting.
 *
 * <p>{@code clientId}, {@code scope} and {@code state} are read from the request and placed in
 * the model without further checks in this method, so the view has to output-encode them.
 *
 * @param principal the authenticated user
 * @param model the view model
 * @param clientId the client ID
 * @param scope the requested scopes
 * @param state the state parameter
 * @return the consent view
 */
@GetMapping(value = "/oauth2/consent")
public String consent(Principal principal, Model model,
        @RequestParam(OAuth2ParameterNames.CLIENT_ID) String clientId,
        @RequestParam(OAuth2ParameterNames.SCOPE) String scope,
        @RequestParam(OAuth2ParameterNames.STATE) String state) {
    // Goal: leave already-granted scopes out of the list the user is asked to approve.

    // Scopes still waiting for approval.
    Set<String> scopesToApprove = new HashSet<>();
    // Scopes approved in an earlier consent.
    Set<String> previouslyApprovedScopes = new HashSet<>();

    // Registration details of the requesting client.
    // NOTE(review): application is dereferenced further down without a null check; confirm that
    // findByClientId cannot return null for an unknown client_id.
    OAuth2Application application = this.applicationService.findByClientId(clientId);

    // The user's earlier consent for this client, if there is one.
    // NOTE(review): the lookup key is the client_id request parameter; confirm that consents are
    // stored under client_id and not under the registered client's internal id, otherwise an
    // earlier consent is never found here.
    OAuth2AuthorizationConsent currentAuthorizationConsent =
            this.authorizationConsentService.findById(clientId, principal.getName());

    // Scopes already granted by the user to this client (empty when there is no earlier consent).
    Set<String> authorizedScopes = Optional.ofNullable(currentAuthorizationConsent)
            .map(OAuth2AuthorizationConsent::getScopes)
            .orElse(Collections.emptySet());

    // Sort each requested scope into "already approved" or "to approve".
    String[] requestedScopes = StringUtils.delimitedListToStringArray(scope, SymbolConstants.SPACE);
    for (String requestedScope : requestedScopes) {
        if (authorizedScopes.contains(requestedScope)) {
            previouslyApprovedScopes.add(requestedScope);
            continue;
        }
        // The openid scope is never listed for approval.
        if (!OidcScopes.OPENID.equals(requestedScope)) {
            scopesToApprove.add(requestedScope);
        }
    }

    // Hand everything to the consent view.
    model.addAttribute("clientId", clientId);
    model.addAttribute("state", state);
    model.addAttribute("scopes", withDescription(scopesToApprove));
    model.addAttribute("previouslyApprovedScopes", withDescription(previouslyApprovedScopes));
    model.addAttribute("principalName", principal.getName());
    model.addAttribute("applicationName", application.getApplicationName());
    model.addAttribute("logo", application.getLogo());
    return "consent";
}
use of org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationConsent in project herodotus-engine by herodotus-cloud.
the class JpaOAuth2AuthorizationConsentService method toObject.
/**
 * Converts a persisted consent entity into an {@link OAuth2AuthorizationConsent}.
 *
 * @param authorizationConsent the stored consent row
 * @return the consent rebuilt from the stored client id, principal name and authorities
 * @throws DataRetrievalFailureException if the registered client the row refers to no longer
 *         exists in the repository
 */
private OAuth2AuthorizationConsent toObject(HerodotusAuthorizationConsent authorizationConsent) {
    String registeredClientId = authorizationConsent.getRegisteredClientId();

    // The client is looked up only as an existence check: a consent whose client is gone is
    // rejected instead of being returned.
    RegisteredClient owningClient = this.registeredClientRepository.findById(registeredClientId);
    if (owningClient == null) {
        throw new DataRetrievalFailureException("The RegisteredClient with id '" + registeredClientId + "' was not found in the RegisteredClientRepository.");
    }

    OAuth2AuthorizationConsent.Builder consentBuilder =
            OAuth2AuthorizationConsent.withId(registeredClientId, authorizationConsent.getPrincipalName());

    // Authorities are persisted as one comma-delimited string; each entry becomes one authority.
    // NOTE(review): when the stored string is null no authority is added before build(); confirm
    // how the builder treats a consent without authorities.
    String storedAuthorities = authorizationConsent.getAuthorities();
    if (storedAuthorities != null) {
        StringUtils.commaDelimitedListToSet(storedAuthorities)
                .forEach(authority -> consentBuilder.authority(new HerodotusGrantedAuthority(authority)));
    }
    return consentBuilder.build();
}