Examples with RegisteredClient org.springframework.security.oauth2.server.authorization.client.RegisteredClient used on opensource projects

Example 6 with RegisteredClient

use of org.springframework.security.oauth2.server.authorization.client.RegisteredClient in project spring-authorization-server by spring-projects.

the class OAuth2AuthorizationCodeRequestAuthenticationProviderTests method authenticateWhenAuthorizationCodeNotGeneratedThenThrowOAuth2AuthorizationCodeRequestAuthenticationException.

@Test
public void authenticateWhenAuthorizationCodeNotGeneratedThenThrowOAuth2AuthorizationCodeRequestAuthenticationException() {
    RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
    when(this.registeredClientRepository.findByClientId(eq(registeredClient.getClientId()))).thenReturn(registeredClient);
    @SuppressWarnings("unchecked") OAuth2TokenGenerator<OAuth2AuthorizationCode> authorizationCodeGenerator = mock(OAuth2TokenGenerator.class);
    this.authenticationProvider.setAuthorizationCodeGenerator(authorizationCodeGenerator);
    OAuth2AuthorizationCodeRequestAuthenticationToken authentication = authorizationCodeRequestAuthentication(registeredClient, this.principal).build();
    assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication)).isInstanceOf(OAuth2AuthorizationCodeRequestAuthenticationException.class).extracting(ex -> ((OAuth2AuthorizationCodeRequestAuthenticationException) ex).getError()).satisfies(error -> {
        assertThat(error.getErrorCode()).isEqualTo(OAuth2ErrorCodes.SERVER_ERROR);
        assertThat(error.getDescription()).contains("The token generator failed to generate the authorization code.");
    });
}

Example 7 with RegisteredClient

use of org.springframework.security.oauth2.server.authorization.client.RegisteredClient in project spring-authorization-server by spring-projects.

the class OAuth2AuthorizationCodeRequestAuthenticationProviderTests method authenticateWhenConsentRequestApproveSomeAndPreviouslyApprovedThenAuthorizationConsentUpdated.

@Test
public void authenticateWhenConsentRequestApproveSomeAndPreviouslyApprovedThenAuthorizationConsentUpdated() {
    String previouslyApprovedScope = "message.read";
    String requestedScope = "message.write";
    String otherPreviouslyApprovedScope = "other.scope";
    RegisteredClient registeredClient = TestRegisteredClients.registeredClient().scopes(scopes -> {
        scopes.clear();
        scopes.add(previouslyApprovedScope);
        scopes.add(requestedScope);
    }).build();
    when(this.registeredClientRepository.findByClientId(eq(registeredClient.getClientId()))).thenReturn(registeredClient);
    OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).principalName(this.principal.getName()).build();
    OAuth2AuthorizationRequest authorizationRequest = authorization.getAttribute(OAuth2AuthorizationRequest.class.getName());
    Set<String> requestedScopes = authorizationRequest.getScopes();
    OAuth2AuthorizationCodeRequestAuthenticationToken authentication = authorizationConsentRequestAuthentication(registeredClient, this.principal).scopes(requestedScopes).build();
    when(this.authorizationService.findByToken(eq(authentication.getState()), eq(STATE_TOKEN_TYPE))).thenReturn(authorization);
    OAuth2AuthorizationConsent previousAuthorizationConsent = OAuth2AuthorizationConsent.withId(authorization.getRegisteredClientId(), authorization.getPrincipalName()).scope(previouslyApprovedScope).scope(otherPreviouslyApprovedScope).build();
    when(this.authorizationConsentService.findById(eq(authorization.getRegisteredClientId()), eq(authorization.getPrincipalName()))).thenReturn(previousAuthorizationConsent);
    OAuth2AuthorizationCodeRequestAuthenticationToken authenticationResult = (OAuth2AuthorizationCodeRequestAuthenticationToken) this.authenticationProvider.authenticate(authentication);
    ArgumentCaptor<OAuth2AuthorizationConsent> authorizationConsentCaptor = ArgumentCaptor.forClass(OAuth2AuthorizationConsent.class);
    verify(this.authorizationConsentService).save(authorizationConsentCaptor.capture());
    OAuth2AuthorizationConsent updatedAuthorizationConsent = authorizationConsentCaptor.getValue();
    assertThat(updatedAuthorizationConsent.getRegisteredClientId()).isEqualTo(previousAuthorizationConsent.getRegisteredClientId());
    assertThat(updatedAuthorizationConsent.getPrincipalName()).isEqualTo(previousAuthorizationConsent.getPrincipalName());
    assertThat(updatedAuthorizationConsent.getScopes()).containsExactlyInAnyOrder(previouslyApprovedScope, otherPreviouslyApprovedScope, requestedScope);
    ArgumentCaptor<OAuth2Authorization> authorizationCaptor = ArgumentCaptor.forClass(OAuth2Authorization.class);
    verify(this.authorizationService).save(authorizationCaptor.capture());
    OAuth2Authorization updatedAuthorization = authorizationCaptor.getValue();
    assertThat(updatedAuthorization.<Set<String>>getAttribute(OAuth2Authorization.AUTHORIZED_SCOPE_ATTRIBUTE_NAME)).isEqualTo(requestedScopes);
    assertThat(authenticationResult.getScopes()).isEqualTo(requestedScopes);
}

Example 8 with RegisteredClient

use of org.springframework.security.oauth2.server.authorization.client.RegisteredClient in project spring-authorization-server by spring-projects.

the class OAuth2AuthorizationCodeRequestAuthenticationProviderTests method authenticateWhenConsentRequestApproveNoneAndPreviouslyApprovedThenAuthorizationConsentNotUpdated.

@Test
public void authenticateWhenConsentRequestApproveNoneAndPreviouslyApprovedThenAuthorizationConsentNotUpdated() {
    String previouslyApprovedScope = "message.read";
    String requestedScope = "message.write";
    RegisteredClient registeredClient = TestRegisteredClients.registeredClient().scopes(scopes -> {
        scopes.clear();
        scopes.add(previouslyApprovedScope);
        scopes.add(requestedScope);
    }).build();
    when(this.registeredClientRepository.findByClientId(eq(registeredClient.getClientId()))).thenReturn(registeredClient);
    OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).principalName(this.principal.getName()).build();
    OAuth2AuthorizationCodeRequestAuthenticationToken authentication = authorizationConsentRequestAuthentication(registeredClient, this.principal).scopes(// No scopes approved
    new HashSet<>()).build();
    when(this.authorizationService.findByToken(eq(authentication.getState()), eq(STATE_TOKEN_TYPE))).thenReturn(authorization);
    OAuth2AuthorizationConsent previousAuthorizationConsent = OAuth2AuthorizationConsent.withId(authorization.getRegisteredClientId(), authorization.getPrincipalName()).scope(previouslyApprovedScope).build();
    when(this.authorizationConsentService.findById(eq(authorization.getRegisteredClientId()), eq(authorization.getPrincipalName()))).thenReturn(previousAuthorizationConsent);
    OAuth2AuthorizationCodeRequestAuthenticationToken authenticationResult = (OAuth2AuthorizationCodeRequestAuthenticationToken) this.authenticationProvider.authenticate(authentication);
    verify(this.authorizationConsentService, never()).save(any());
    assertThat(authenticationResult.getScopes()).isEqualTo(Collections.singleton(previouslyApprovedScope));
}

Example 9 with RegisteredClient

use of org.springframework.security.oauth2.server.authorization.client.RegisteredClient in project spring-authorization-server by spring-projects.

the class OAuth2AuthorizationCodeRequestAuthenticationProviderTests method authenticateWhenCustomAuthenticationValidatorResolverThenUsed.

@Test
public void authenticateWhenCustomAuthenticationValidatorResolverThenUsed() {
    RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
    when(this.registeredClientRepository.findByClientId(eq(registeredClient.getClientId()))).thenReturn(registeredClient);
    @SuppressWarnings("unchecked") Function<String, OAuth2AuthenticationValidator> authenticationValidatorResolver = mock(Function.class);
    this.authenticationProvider.setAuthenticationValidatorResolver(authenticationValidatorResolver);
    OAuth2AuthorizationCodeRequestAuthenticationToken authentication = authorizationCodeRequestAuthentication(registeredClient, this.principal).build();
    OAuth2AuthorizationCodeRequestAuthenticationToken authenticationResult = (OAuth2AuthorizationCodeRequestAuthenticationToken) this.authenticationProvider.authenticate(authentication);
    assertAuthorizationCodeRequestWithAuthorizationCodeResult(registeredClient, authentication, authenticationResult);
    ArgumentCaptor<String> parameterNameCaptor = ArgumentCaptor.forClass(String.class);
    verify(authenticationValidatorResolver, times(2)).apply(parameterNameCaptor.capture());
    assertThat(parameterNameCaptor.getAllValues()).containsExactly(OAuth2ParameterNames.REDIRECT_URI, OAuth2ParameterNames.SCOPE);
}

Example 10 with RegisteredClient

use of org.springframework.security.oauth2.server.authorization.client.RegisteredClient in project spring-authorization-server by spring-projects.

the class OAuth2AuthorizationCodeRequestAuthenticationProviderTests method authenticateWhenInvalidClientIdThenThrowOAuth2AuthorizationCodeRequestAuthenticationException.

@Test
public void authenticateWhenInvalidClientIdThenThrowOAuth2AuthorizationCodeRequestAuthenticationException() {
    RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
    OAuth2AuthorizationCodeRequestAuthenticationToken authentication = authorizationCodeRequestAuthentication(registeredClient, this.principal).build();
    assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication)).isInstanceOf(OAuth2AuthorizationCodeRequestAuthenticationException.class).satisfies(ex -> assertAuthenticationException((OAuth2AuthorizationCodeRequestAuthenticationException) ex, OAuth2ErrorCodes.INVALID_REQUEST, OAuth2ParameterNames.CLIENT_ID, null));
}