Example 1 with ClientSettings

Use of org.springframework.security.oauth2.server.authorization.config.ClientSettings in project spring-authorization-server by spring-projects.

From class OAuth2AuthorizationCodeRequestAuthenticationProviderTests, method authenticateWhenPkceRequiredAndMissingCodeChallengeThenThrowOAuth2AuthorizationCodeRequestAuthenticationException. The client is registered with requireProofKey(true), so an authorization request that omits the PKCE code_challenge must be rejected with invalid_request.

@Test
public void authenticateWhenPkceRequiredAndMissingCodeChallengeThenThrowOAuth2AuthorizationCodeRequestAuthenticationException() {
    // Client settings mandate PKCE for every authorization request
    RegisteredClient registeredClient = TestRegisteredClients.registeredClient()
            .clientSettings(ClientSettings.builder().requireProofKey(true).build())
            .build();
    when(this.registeredClientRepository.findByClientId(eq(registeredClient.getClientId()))).thenReturn(registeredClient);
    // Build an authorization request without a code_challenge parameter
    OAuth2AuthorizationCodeRequestAuthenticationToken authentication =
            authorizationCodeRequestAuthentication(registeredClient, this.principal).build();
    // The provider must reject the request as invalid_request, naming the missing code_challenge
    assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication))
            .isInstanceOf(OAuth2AuthorizationCodeRequestAuthenticationException.class)
            .satisfies(ex -> assertAuthenticationException(
                    (OAuth2AuthorizationCodeRequestAuthenticationException) ex,
                    OAuth2ErrorCodes.INVALID_REQUEST,
                    PkceParameterNames.CODE_CHALLENGE,
                    authentication.getRedirectUri()));
}

Example 2 with ClientSettings

Use of org.springframework.security.oauth2.server.authorization.config.ClientSettings in project spring-authorization-server by spring-projects.

From class OAuth2AuthorizationCodeRequestAuthenticationProviderTests, method authenticateWhenRequireAuthorizationConsentAndAllPreviouslyApprovedThenAuthorizationConsentNotRequired. The client is registered with requireAuthorizationConsent(true), but a stored consent already covers every requested scope, so the provider issues an authorization code without prompting for consent again.

@Test
public void authenticateWhenRequireAuthorizationConsentAndAllPreviouslyApprovedThenAuthorizationConsentNotRequired() {
    // Client settings require user consent for authorization requests
    RegisteredClient registeredClient = TestRegisteredClients.registeredClient()
            .clientSettings(ClientSettings.builder().requireAuthorizationConsent(true).build())
            .build();
    when(this.registeredClientRepository.findByClientId(eq(registeredClient.getClientId()))).thenReturn(registeredClient);
    // Simulate a previously stored consent that already approves all of the client's scopes
    OAuth2AuthorizationConsent.Builder builder =
            OAuth2AuthorizationConsent.withId(registeredClient.getId(), this.principal.getName());
    registeredClient.getScopes().forEach(builder::scope);
    OAuth2AuthorizationConsent previousAuthorizationConsent = builder.build();
    when(this.authorizationConsentService.findById(eq(registeredClient.getId()), eq(this.principal.getName())))
            .thenReturn(previousAuthorizationConsent);
    OAuth2AuthorizationCodeRequestAuthenticationToken authentication =
            authorizationCodeRequestAuthentication(registeredClient, this.principal).build();
    // No consent prompt is needed: the result carries an authorization code directly
    OAuth2AuthorizationCodeRequestAuthenticationToken authenticationResult =
            (OAuth2AuthorizationCodeRequestAuthenticationToken) this.authenticationProvider.authenticate(authentication);
    assertAuthorizationCodeRequestWithAuthorizationCodeResult(registeredClient, authentication, authenticationResult);
}

Example 3 with ClientSettings

Use of org.springframework.security.oauth2.server.authorization.config.ClientSettings in project spring-authorization-server by spring-projects.

From class OAuth2ClientAuthenticationProviderTests, method authenticateWhenJwtClientAssertionAndMissingJwkSetUrlThenThrowOAuth2AuthenticationException. The client authenticates with private_key_jwt and an RS256 signing algorithm but has no JWK Set URL configured, so the server cannot build a signature verifier and rejects the assertion with invalid_client.

@Test
public void authenticateWhenJwtClientAssertionAndMissingJwkSetUrlThenThrowOAuth2AuthenticationException() {
    // @formatter:off
    // private_key_jwt with RS256, but no jwkSetUrl on the registered client
    RegisteredClient registeredClient = TestRegisteredClients.registeredClient()
            .clientAuthenticationMethod(ClientAuthenticationMethod.PRIVATE_KEY_JWT)
            .clientSettings(ClientSettings.builder()
                    .tokenEndpointAuthenticationSigningAlgorithm(SignatureAlgorithm.RS256)
                    .build())
            .build();
    // @formatter:on
    when(this.registeredClientRepository.findByClientId(eq(registeredClient.getClientId()))).thenReturn(registeredClient);
    OAuth2ClientAuthenticationToken authentication = new OAuth2ClientAuthenticationToken(
            registeredClient.getClientId(), JWT_CLIENT_ASSERTION_AUTHENTICATION_METHOD, "jwt-assertion", null);
    // Without a JWK Set URL there is no public key to verify the assertion signature
    assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication))
            .isInstanceOf(OAuth2AuthenticationException.class)
            .extracting(ex -> ((OAuth2AuthenticationException) ex).getError())
            .satisfies(error -> {
                assertThat(error.getErrorCode()).isEqualTo(OAuth2ErrorCodes.INVALID_CLIENT);
                assertThat(error.getDescription()).isEqualTo("Failed to find a Signature Verifier for Client: '"
                        + registeredClient.getId() + "'. Check to ensure you have configured the JWK Set URL.");
            });
}

Example 4 with ClientSettings

Use of org.springframework.security.oauth2.server.authorization.config.ClientSettings in project spring-authorization-server by spring-projects.

From class OAuth2ClientAuthenticationProviderTests, method authenticateWhenJwtClientAssertionAndMissingClientSecretThenThrowOAuth2AuthenticationException. The client authenticates with client_secret_jwt and an HS256 signing algorithm but has no client secret registered, so there is no MAC key to verify the assertion and the server rejects it with invalid_client.

@Test
public void authenticateWhenJwtClientAssertionAndMissingClientSecretThenThrowOAuth2AuthenticationException() {
    // @formatter:off
    // client_secret_jwt with HS256, but the registered client has no secret to derive the MAC key from
    RegisteredClient registeredClient = TestRegisteredClients.registeredClient()
            .clientSecret(null)
            .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_JWT)
            .clientSettings(ClientSettings.builder()
                    .tokenEndpointAuthenticationSigningAlgorithm(MacAlgorithm.HS256)
                    .build())
            .build();
    // @formatter:on
    when(this.registeredClientRepository.findByClientId(eq(registeredClient.getClientId()))).thenReturn(registeredClient);
    OAuth2ClientAuthenticationToken authentication = new OAuth2ClientAuthenticationToken(
            registeredClient.getClientId(), JWT_CLIENT_ASSERTION_AUTHENTICATION_METHOD, "jwt-assertion", null);
    // Without a client secret there is no key to verify the HMAC-signed assertion
    assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication))
            .isInstanceOf(OAuth2AuthenticationException.class)
            .extracting(ex -> ((OAuth2AuthenticationException) ex).getError())
            .satisfies(error -> {
                assertThat(error.getErrorCode()).isEqualTo(OAuth2ErrorCodes.INVALID_CLIENT);
                assertThat(error.getDescription()).isEqualTo("Failed to find a Signature Verifier for Client: '"
                        + registeredClient.getId() + "'. Check to ensure you have configured the client secret.");
            });
}

Example 5 with ClientSettings

Use of org.springframework.security.oauth2.server.authorization.config.ClientSettings in project spring-authorization-server by spring-projects.

From class OAuth2AuthorizationCodeRequestAuthenticationProviderTests, method authenticateWhenRequireAuthorizationConsentAndOnlyOpenidScopeRequestedThenAuthorizationConsentNotRequired. The client is registered with requireAuthorizationConsent(true) but requests only the openid scope, which does not trigger a consent prompt, so the provider issues an authorization code directly.

@Test
public void authenticateWhenRequireAuthorizationConsentAndOnlyOpenidScopeRequestedThenAuthorizationConsentNotRequired() {
    // Consent is required in general, but the client's only scope is openid
    RegisteredClient registeredClient = TestRegisteredClients.registeredClient()
            .clientSettings(ClientSettings.builder().requireAuthorizationConsent(true).build())
            .scopes(scopes -> {
                scopes.clear();
                scopes.add(OidcScopes.OPENID);
            })
            .build();
    when(this.registeredClientRepository.findByClientId(eq(registeredClient.getClientId()))).thenReturn(registeredClient);
    OAuth2AuthorizationCodeRequestAuthenticationToken authentication =
            authorizationCodeRequestAuthentication(registeredClient, this.principal).build();
    // The openid scope alone does not require consent: the result carries an authorization code
    OAuth2AuthorizationCodeRequestAuthenticationToken authenticationResult =
            (OAuth2AuthorizationCodeRequestAuthenticationToken) this.authenticationProvider.authenticate(authentication);
    assertAuthorizationCodeRequestWithAuthorizationCodeResult(registeredClient, authentication, authenticationResult);
}