Examples with OAuth2AuthorizationCodeRequestAuthenticationToken org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationToken used on opensource projects

Search in sources :

Example 1 with OAuth2AuthorizationCodeRequestAuthenticationToken

use of org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationToken in project spring-authorization-server by spring-projects.

the class OAuth2AuthorizationCodeRequestAuthenticationProviderTests method authenticateWhenPkceRequiredAndMissingCodeChallengeThenThrowOAuth2AuthorizationCodeRequestAuthenticationException.

@Test
public void authenticateWhenPkceRequiredAndMissingCodeChallengeThenThrowOAuth2AuthorizationCodeRequestAuthenticationException() {
    RegisteredClient registeredClient = TestRegisteredClients.registeredClient().clientSettings(ClientSettings.builder().requireProofKey(true).build()).build();
    when(this.registeredClientRepository.findByClientId(eq(registeredClient.getClientId()))).thenReturn(registeredClient);
    OAuth2AuthorizationCodeRequestAuthenticationToken authentication = authorizationCodeRequestAuthentication(registeredClient, this.principal).build();
    assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication)).isInstanceOf(OAuth2AuthorizationCodeRequestAuthenticationException.class).satisfies(ex -> assertAuthenticationException((OAuth2AuthorizationCodeRequestAuthenticationException) ex, OAuth2ErrorCodes.INVALID_REQUEST, PkceParameterNames.CODE_CHALLENGE, authentication.getRedirectUri()));
}
Also used : RegisteredClient(org.springframework.security.oauth2.server.authorization.client.RegisteredClient) Test(org.junit.Test)

Example 2 with OAuth2AuthorizationCodeRequestAuthenticationToken

use of org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationToken in project spring-authorization-server by spring-projects.

the class OAuth2AuthorizationCodeRequestAuthenticationProviderTests method authenticateWhenCustomAuthorizationConsentCustomizerThenUsed.

@Test
public void authenticateWhenCustomAuthorizationConsentCustomizerThenUsed() {
    RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
    when(this.registeredClientRepository.findByClientId(eq(registeredClient.getClientId()))).thenReturn(registeredClient);
    OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).principalName(this.principal.getName()).build();
    OAuth2AuthorizationRequest authorizationRequest = authorization.getAttribute(OAuth2AuthorizationRequest.class.getName());
    Set<String> authorizedScopes = authorizationRequest.getScopes();
    OAuth2AuthorizationCodeRequestAuthenticationToken authentication = authorizationConsentRequestAuthentication(registeredClient, this.principal).scopes(// Approve all scopes
    authorizedScopes).build();
    when(this.authorizationService.findByToken(eq(authentication.getState()), eq(STATE_TOKEN_TYPE))).thenReturn(authorization);
    @SuppressWarnings("unchecked") Consumer<OAuth2AuthorizationConsentAuthenticationContext> authorizationConsentCustomizer = mock(Consumer.class);
    this.authenticationProvider.setAuthorizationConsentCustomizer(authorizationConsentCustomizer);
    OAuth2AuthorizationCodeRequestAuthenticationToken authenticationResult = (OAuth2AuthorizationCodeRequestAuthenticationToken) this.authenticationProvider.authenticate(authentication);
    assertAuthorizationConsentRequestWithAuthorizationCodeResult(registeredClient, authorization, authenticationResult);
    ArgumentCaptor<OAuth2AuthorizationConsentAuthenticationContext> authenticationContextCaptor = ArgumentCaptor.forClass(OAuth2AuthorizationConsentAuthenticationContext.class);
    verify(authorizationConsentCustomizer).accept(authenticationContextCaptor.capture());
    OAuth2AuthorizationConsentAuthenticationContext authenticationContext = authenticationContextCaptor.getValue();
    assertThat(authenticationContext.<Authentication>getAuthentication()).isEqualTo(authentication);
    assertThat(authenticationContext.getAuthorizationConsent()).isNotNull();
    assertThat(authenticationContext.getRegisteredClient()).isEqualTo(registeredClient);
    assertThat(authenticationContext.getAuthorization()).isEqualTo(authorization);
    assertThat(authenticationContext.getAuthorizationRequest()).isEqualTo(authorizationRequest);
}
Also used : Authentication(org.springframework.security.core.Authentication) OAuth2Authorization(org.springframework.security.oauth2.server.authorization.OAuth2Authorization) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) RegisteredClient(org.springframework.security.oauth2.server.authorization.client.RegisteredClient) Test(org.junit.Test)

Example 3 with OAuth2AuthorizationCodeRequestAuthenticationToken

use of org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationToken in project spring-authorization-server by spring-projects.

the class OAuth2AuthorizationCodeRequestAuthenticationProviderTests method authenticateWhenRequireAuthorizationConsentAndAllPreviouslyApprovedThenAuthorizationConsentNotRequired.

@Test
public void authenticateWhenRequireAuthorizationConsentAndAllPreviouslyApprovedThenAuthorizationConsentNotRequired() {
    RegisteredClient registeredClient = TestRegisteredClients.registeredClient().clientSettings(ClientSettings.builder().requireAuthorizationConsent(true).build()).build();
    when(this.registeredClientRepository.findByClientId(eq(registeredClient.getClientId()))).thenReturn(registeredClient);
    OAuth2AuthorizationConsent.Builder builder = OAuth2AuthorizationConsent.withId(registeredClient.getId(), this.principal.getName());
    registeredClient.getScopes().forEach(builder::scope);
    OAuth2AuthorizationConsent previousAuthorizationConsent = builder.build();
    when(this.authorizationConsentService.findById(eq(registeredClient.getId()), eq(this.principal.getName()))).thenReturn(previousAuthorizationConsent);
    OAuth2AuthorizationCodeRequestAuthenticationToken authentication = authorizationCodeRequestAuthentication(registeredClient, this.principal).build();
    OAuth2AuthorizationCodeRequestAuthenticationToken authenticationResult = (OAuth2AuthorizationCodeRequestAuthenticationToken) this.authenticationProvider.authenticate(authentication);
    assertAuthorizationCodeRequestWithAuthorizationCodeResult(registeredClient, authentication, authenticationResult);
}
Also used : OAuth2AuthorizationConsent(org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationConsent) RegisteredClient(org.springframework.security.oauth2.server.authorization.client.RegisteredClient) Test(org.junit.Test)

Example 4 with OAuth2AuthorizationCodeRequestAuthenticationToken

use of org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationToken in project spring-authorization-server by spring-projects.

the class OAuth2AuthorizationCodeRequestAuthenticationProviderTests method authenticateWhenConsentRequestApproveNoneAndRevokePreviouslyApprovedThenAuthorizationConsentRemoved.

@Test
public void authenticateWhenConsentRequestApproveNoneAndRevokePreviouslyApprovedThenAuthorizationConsentRemoved() {
    String previouslyApprovedScope = "message.read";
    String requestedScope = "message.write";
    RegisteredClient registeredClient = TestRegisteredClients.registeredClient().scopes(scopes -> {
        scopes.clear();
        scopes.add(previouslyApprovedScope);
        scopes.add(requestedScope);
    }).build();
    when(this.registeredClientRepository.findByClientId(eq(registeredClient.getClientId()))).thenReturn(registeredClient);
    OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).principalName(this.principal.getName()).build();
    OAuth2AuthorizationRequest authorizationRequest = authorization.getAttribute(OAuth2AuthorizationRequest.class.getName());
    OAuth2AuthorizationCodeRequestAuthenticationToken authentication = authorizationConsentRequestAuthentication(registeredClient, this.principal).scopes(// No scopes approved
    new HashSet<>()).build();
    when(this.authorizationService.findByToken(eq(authentication.getState()), eq(STATE_TOKEN_TYPE))).thenReturn(authorization);
    OAuth2AuthorizationConsent previousAuthorizationConsent = OAuth2AuthorizationConsent.withId(authorization.getRegisteredClientId(), authorization.getPrincipalName()).scope(previouslyApprovedScope).build();
    when(this.authorizationConsentService.findById(eq(authorization.getRegisteredClientId()), eq(authorization.getPrincipalName()))).thenReturn(previousAuthorizationConsent);
    // Revoke all (including previously approved)
    this.authenticationProvider.setAuthorizationConsentCustomizer((authorizationConsentContext) -> authorizationConsentContext.getAuthorizationConsent().authorities(Set::clear));
    assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication)).isInstanceOf(OAuth2AuthorizationCodeRequestAuthenticationException.class).satisfies(ex -> assertAuthenticationException((OAuth2AuthorizationCodeRequestAuthenticationException) ex, OAuth2ErrorCodes.ACCESS_DENIED, OAuth2ParameterNames.CLIENT_ID, authorizationRequest.getRedirectUri()));
    verify(this.authorizationConsentService).remove(eq(previousAuthorizationConsent));
    verify(this.authorizationService).remove(eq(authorization));
}
Also used : ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) OAuth2ParameterNames(org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) PkceParameterNames(org.springframework.security.oauth2.core.endpoint.PkceParameterNames) OAuth2TokenGenerator(org.springframework.security.oauth2.server.authorization.OAuth2TokenGenerator) OAuth2AuthorizationResponseType(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) RegisteredClientRepository(org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) HashMap(java.util.HashMap) Mockito.spy(org.mockito.Mockito.spy) Function(java.util.function.Function) Supplier(java.util.function.Supplier) OAuth2AuthorizationConsentService(org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationConsentService) HashSet(java.util.HashSet) TestOAuth2Authorizations(org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations) ArgumentCaptor(org.mockito.ArgumentCaptor) Assertions.assertThatThrownBy(org.assertj.core.api.Assertions.assertThatThrownBy) Map(java.util.Map) OidcScopes(org.springframework.security.oauth2.core.oidc.OidcScopes) OAuth2AuthenticationValidator(org.springframework.security.oauth2.core.authentication.OAuth2AuthenticationValidator) ClientSettings(org.springframework.security.oauth2.server.authorization.config.ClientSettings) Before(org.junit.Before) OAuth2Authorization(org.springframework.security.oauth2.server.authorization.OAuth2Authorization) ProviderSettings(org.springframework.security.oauth2.server.authorization.config.ProviderSettings) RegisteredClient(org.springframework.security.oauth2.server.authorization.client.RegisteredClient) OAuth2AuthorizationConsent(org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationConsent) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) Set(java.util.Set) Test(org.junit.Test) Mockito.times(org.mockito.Mockito.times) Mockito.when(org.mockito.Mockito.when) OAuth2ErrorCodes(org.springframework.security.oauth2.core.OAuth2ErrorCodes) TestRegisteredClients(org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients) OAuth2AuthorizationService(org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService) Mockito.verify(org.mockito.Mockito.verify) Consumer(java.util.function.Consumer) ProviderContextHolder(org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder) Mockito.never(org.mockito.Mockito.never) Principal(java.security.Principal) OAuth2AuthorizationCode(org.springframework.security.oauth2.core.OAuth2AuthorizationCode) OAuth2TokenType(org.springframework.security.oauth2.core.OAuth2TokenType) OAuth2Error(org.springframework.security.oauth2.core.OAuth2Error) ProviderContext(org.springframework.security.oauth2.server.authorization.context.ProviderContext) Authentication(org.springframework.security.core.Authentication) Collections(java.util.Collections) AuthorizationGrantType(org.springframework.security.oauth2.core.AuthorizationGrantType) Mockito.mock(org.mockito.Mockito.mock) OAuth2AuthorizationConsent(org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationConsent) OAuth2Authorization(org.springframework.security.oauth2.server.authorization.OAuth2Authorization) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) RegisteredClient(org.springframework.security.oauth2.server.authorization.client.RegisteredClient) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 5 with OAuth2AuthorizationCodeRequestAuthenticationToken

use of org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationToken in project spring-authorization-server by spring-projects.

the class OAuth2AuthorizationCodeRequestAuthenticationProviderTests method authenticateWhenConsentRequestNotApprovedThenThrowOAuth2AuthorizationCodeRequestAuthenticationException.

@Test
public void authenticateWhenConsentRequestNotApprovedThenThrowOAuth2AuthorizationCodeRequestAuthenticationException() {
    RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
    when(this.registeredClientRepository.findByClientId(eq(registeredClient.getClientId()))).thenReturn(registeredClient);
    OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).principalName(this.principal.getName()).build();
    OAuth2AuthorizationCodeRequestAuthenticationToken authentication = authorizationConsentRequestAuthentication(registeredClient, this.principal).scopes(// No scopes approved
    new HashSet<>()).build();
    when(this.authorizationService.findByToken(eq(authentication.getState()), eq(STATE_TOKEN_TYPE))).thenReturn(authorization);
    OAuth2AuthorizationRequest authorizationRequest = authorization.getAttribute(OAuth2AuthorizationRequest.class.getName());
    assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication)).isInstanceOf(OAuth2AuthorizationCodeRequestAuthenticationException.class).satisfies(ex -> assertAuthenticationException((OAuth2AuthorizationCodeRequestAuthenticationException) ex, OAuth2ErrorCodes.ACCESS_DENIED, OAuth2ParameterNames.CLIENT_ID, authorizationRequest.getRedirectUri()));
    verify(this.authorizationService).remove(eq(authorization));
}
Also used : OAuth2Authorization(org.springframework.security.oauth2.server.authorization.OAuth2Authorization) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) RegisteredClient(org.springframework.security.oauth2.server.authorization.client.RegisteredClient) HashSet(java.util.HashSet) Test(org.junit.Test)

Aggregations

RegisteredClient (org.springframework.security.oauth2.server.authorization.client.RegisteredClient)46 Test (org.junit.Test)44 OAuth2Authorization (org.springframework.security.oauth2.server.authorization.OAuth2Authorization)18 OAuth2Error (org.springframework.security.oauth2.core.OAuth2Error)16 OAuth2AuthorizationCodeRequestAuthenticationToken (org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationToken)16 Authentication (org.springframework.security.core.Authentication)15 OAuth2AuthorizationRequest (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest)15 HashSet (java.util.HashSet)14 OAuth2AuthorizationCode (org.springframework.security.oauth2.core.OAuth2AuthorizationCode)14 Set (java.util.Set)12 Consumer (java.util.function.Consumer)10 FilterChain (javax.servlet.FilterChain)10 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)10 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)10 TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)10 OAuth2ErrorCodes (org.springframework.security.oauth2.core.OAuth2ErrorCodes)10 OAuth2ParameterNames (org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames)10 HashMap (java.util.HashMap)9 Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)9 Assertions.assertThatThrownBy (org.assertj.core.api.Assertions.assertThatThrownBy)9
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial