
Example 26 with OAuth2ClientAuthenticationToken

use of org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken in project spring-authorization-server by spring-projects.

The class JwtEncodingContextTests, method buildWhenAllValuesProvidedThenAllValuesAreSet.

/**
 * Every value handed to the {@code JwtEncodingContext} builder must be readable back from the
 * built context: headers, claims, registered client, principal, authorization, token type,
 * grant type, the authorization grant, and entries added both via {@code put(...)} and via
 * the {@code context(...)} consumer.
 */
@Test
public void buildWhenAllValuesProvidedThenAllValuesAreSet() {
    RegisteredClient client = TestRegisteredClients.registeredClient().build();
    OAuth2Authorization authorization = TestOAuth2Authorizations.authorization().build();
    // Client principal presents the same secret the registered client was built with.
    OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
            client, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, client.getClientSecret());
    OAuth2AuthorizationRequest authorizationRequest =
            authorization.getAttribute(OAuth2AuthorizationRequest.class.getName());
    OAuth2AuthorizationCodeAuthenticationToken grant = new OAuth2AuthorizationCodeAuthenticationToken(
            "code", clientPrincipal, authorizationRequest.getRedirectUri(), null);
    JoseHeader.Builder joseHeaders = TestJoseHeaders.joseHeader();
    JwtClaimsSet.Builder jwtClaims = TestJwtClaimsSets.jwtClaimsSet();
    TestingAuthenticationToken resourceOwner = new TestingAuthenticationToken("principal", "password");

    JwtEncodingContext context = JwtEncodingContext.with(joseHeaders, jwtClaims)
            .registeredClient(client)
            .principal(resourceOwner)
            .authorization(authorization)
            .tokenType(OAuth2TokenType.ACCESS_TOKEN)
            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
            .authorizationGrant(grant)
            .put("custom-key-1", "custom-value-1")
            .context(ctx -> ctx.put("custom-key-2", "custom-value-2"))
            .build();

    assertThat(context.getHeaders()).isEqualTo(joseHeaders);
    assertThat(context.getClaims()).isEqualTo(jwtClaims);
    assertThat(context.getRegisteredClient()).isEqualTo(client);
    assertThat(context.<Authentication>getPrincipal()).isEqualTo(resourceOwner);
    assertThat(context.getAuthorization()).isEqualTo(authorization);
    assertThat(context.getTokenType()).isEqualTo(OAuth2TokenType.ACCESS_TOKEN);
    assertThat(context.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
    assertThat(context.<OAuth2AuthorizationGrantAuthenticationToken>getAuthorizationGrant()).isEqualTo(grant);
    // Both the direct put and the consumer-added entry must be retrievable by key.
    assertThat(context.<String>get("custom-key-1")).isEqualTo("custom-value-1");
    assertThat(context.<String>get("custom-key-2")).isEqualTo("custom-value-2");
}

Example 27 with OAuth2ClientAuthenticationToken

use of org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken in project spring-authorization-server by spring-projects.

The class JwtGeneratorTests, method generateWhenAccessTokenTypeThenReturnJwt.

/**
 * Builds a token context for an access token issued under the authorization-code grant and
 * delegates the JWT assertions to {@code assertGeneratedTokenType}.
 */
@Test
public void generateWhenAccessTokenTypeThenReturnJwt() {
    RegisteredClient client = TestRegisteredClients.registeredClient().build();
    OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(client).build();
    OAuth2AuthorizationRequest authorizationRequest =
            authorization.getAttribute(OAuth2AuthorizationRequest.class.getName());
    // The client authenticates with its own registered secret; the grant carries the
    // redirect URI from the stored authorization request.
    OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
            client, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, client.getClientSecret());
    OAuth2AuthorizationCodeAuthenticationToken codeGrant = new OAuth2AuthorizationCodeAuthenticationToken(
            "code", clientPrincipal, authorizationRequest.getRedirectUri(), null);

    // @formatter:off
    OAuth2TokenContext tokenContext = DefaultOAuth2TokenContext.builder()
            .registeredClient(client)
            .principal(authorization.getAttribute(Principal.class.getName()))
            .providerContext(this.providerContext)
            .authorization(authorization)
            .authorizedScopes(authorization.getAttribute(OAuth2Authorization.AUTHORIZED_SCOPE_ATTRIBUTE_NAME))
            .tokenType(OAuth2TokenType.ACCESS_TOKEN)
            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
            .authorizationGrant(codeGrant)
            .build();
    // @formatter:on

    assertGeneratedTokenType(tokenContext);
}

Example 28 with OAuth2ClientAuthenticationToken

use of org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken in project spring-authorization-server by spring-projects.

The class JwtGeneratorTests, method generateWhenIdTokenTypeThenReturnJwt.

/**
 * Builds a token context for an ID token: the client is registered with the {@code openid}
 * scope and the stored authorization request carries a {@code nonce} additional parameter.
 * The JWT assertions are delegated to {@code assertGeneratedTokenType}.
 */
@Test
public void generateWhenIdTokenTypeThenReturnJwt() {
    // The nonce travels with the authorization request so it can be echoed into the ID token.
    Map<String, Object> additionalParameters = new HashMap<>();
    additionalParameters.put(OidcParameterNames.NONCE, "nonce");

    RegisteredClient client = TestRegisteredClients.registeredClient()
            .scope(OidcScopes.OPENID)
            .build();
    OAuth2Authorization authorization =
            TestOAuth2Authorizations.authorization(client, additionalParameters).build();
    OAuth2AuthorizationRequest authorizationRequest =
            authorization.getAttribute(OAuth2AuthorizationRequest.class.getName());
    OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
            client, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, client.getClientSecret());
    OAuth2AuthorizationCodeAuthenticationToken codeGrant = new OAuth2AuthorizationCodeAuthenticationToken(
            "code", clientPrincipal, authorizationRequest.getRedirectUri(), null);

    // @formatter:off
    OAuth2TokenContext tokenContext = DefaultOAuth2TokenContext.builder()
            .registeredClient(client)
            .principal(authorization.getAttribute(Principal.class.getName()))
            .providerContext(this.providerContext)
            .authorization(authorization)
            .authorizedScopes(authorization.getAttribute(OAuth2Authorization.AUTHORIZED_SCOPE_ATTRIBUTE_NAME))
            .tokenType(ID_TOKEN_TOKEN_TYPE)
            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
            .authorizationGrant(codeGrant)
            .build();
    // @formatter:on

    assertGeneratedTokenType(tokenContext);
}

Example 29 with OAuth2ClientAuthenticationToken

use of org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken in project spring-authorization-server by spring-projects.

The class OAuth2TokenRevocationAuthenticationProviderTests, method authenticateWhenInvalidTokenThenNotRevoked.

/**
 * A revocation request for a token the authorization service does not know must not be
 * treated as an error and must not persist anything: the result is simply unauthenticated
 * and {@code authorizationService.save(...)} is never called.
 */
@Test
public void authenticateWhenInvalidTokenThenNotRevoked() {
    RegisteredClient client = TestRegisteredClients.registeredClient().build();
    OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
            client, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, client.getClientSecret());
    // "token" is an opaque value that no stored authorization matches.
    OAuth2TokenRevocationAuthenticationToken request = new OAuth2TokenRevocationAuthenticationToken(
            "token", clientPrincipal, OAuth2TokenType.ACCESS_TOKEN.getValue());

    Authentication result = this.authenticationProvider.authenticate(request);

    OAuth2TokenRevocationAuthenticationToken revocationResult = (OAuth2TokenRevocationAuthenticationToken) result;
    assertThat(revocationResult.isAuthenticated()).isFalse();
    verify(this.authorizationService, never()).save(any());
}

Example 30 with OAuth2ClientAuthenticationToken

use of org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken in project spring-authorization-server by spring-projects.

The class OAuth2ClientAuthenticationProvider, method authenticateClientCredentials.

/**
 * Authenticates a client that identified itself with a {@code client_id} and presented either a
 * client secret, a PKCE code verifier, or both.
 * <p>
 * Checks are applied in order: the client must be registered, the presented authentication
 * method must be one registered for that client, and a presented secret must match the stored
 * (encoded) secret via the configured {@code PasswordEncoder}. PKCE verification
 * ({@code authenticatePkceIfAvailable}) is always attempted, regardless of whether a secret was
 * presented; the request is rejected if neither a secret nor PKCE authenticated the client.
 * {@code throwInvalidClient} is assumed to throw, so control does not continue past a failed
 * check.
 *
 * @param authentication the unauthenticated {@link OAuth2ClientAuthenticationToken}
 * @return an authenticated token bound to the resolved {@link RegisteredClient}; the presented
 *         credentials are carried into it unchanged
 * @throws AuthenticationException when any of the checks above fails
 */
private Authentication authenticateClientCredentials(Authentication authentication) throws AuthenticationException {
    OAuth2ClientAuthenticationToken clientToken = (OAuth2ClientAuthenticationToken) authentication;
    String clientId = clientToken.getPrincipal().toString();

    RegisteredClient client = this.registeredClientRepository.findByClientId(clientId);
    if (client == null) {
        // Unknown client_id: rejected as invalid_client before any secret is examined.
        throwInvalidClient(OAuth2ParameterNames.CLIENT_ID);
    }
    if (!client.getClientAuthenticationMethods().contains(clientToken.getClientAuthenticationMethod())) {
        // The method the client used (e.g. client_secret_basic) is not enabled for this registration.
        throwInvalidClient("authentication_method");
    }

    // A non-null credential is interpreted as the client secret and must match the encoded
    // secret on file. Matching is delegated entirely to the PasswordEncoder.
    boolean secretAuthenticated = clientToken.getCredentials() != null;
    if (secretAuthenticated) {
        String presentedSecret = clientToken.getCredentials().toString();
        if (!this.passwordEncoder.matches(presentedSecret, client.getClientSecret())) {
            throwInvalidClient(OAuth2ParameterNames.CLIENT_SECRET);
        }
    }

    // PKCE is evaluated unconditionally, not only when no secret was sent, so a PKCE failure
    // (presumably signalled inside the helper) is never masked by a valid secret.
    boolean pkceAuthenticated = authenticatePkceIfAvailable(clientToken, client);
    if (!(secretAuthenticated || pkceAuthenticated)) {
        // Neither a secret nor a code verifier proved the client's identity.
        throwInvalidClient("credentials");
    }

    // NOTE(review): the presented credentials are propagated into the authenticated token as-is;
    // anything that retains or logs the result handles the raw secret.
    return new OAuth2ClientAuthenticationToken(
            client, clientToken.getClientAuthenticationMethod(), clientToken.getCredentials());
}
