From b0862336d327aec7e2c696f2c32aa8880176d11f Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Mon, 23 Oct 2023 06:53:31 -0400 Subject: [PATCH] Fix tests for OIDC Provider Configuration Endpoint Closes gh-1416 --- .../OidcProviderConfigurationTests.java | 12 +-- .../oidc/OidcProviderConfigurationTests.java | 98 +++++++++---------- ...onfigurationHttpMessageConverterTests.java | 66 ++++++------- ...viderConfigurationEndpointFilterTests.java | 18 ++-- 4 files changed, 97 insertions(+), 97 deletions(-) diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcProviderConfigurationTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcProviderConfigurationTests.java index 117e66e3..21cf9898 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcProviderConfigurationTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcProviderConfigurationTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 the original author or authors. + * Copyright 2020-2023 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -63,7 +63,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. @ExtendWith(SpringTestContextExtension.class) public class OidcProviderConfigurationTests { private static final String DEFAULT_OIDC_PROVIDER_CONFIGURATION_ENDPOINT_URI = "/.well-known/openid-configuration"; - private static final String ISSUER_URL = "https://example.com/issuer1"; + private static final String ISSUER_URL = "https://example.com"; public final SpringTestContext spring = new SpringTestContext(); @@ -77,7 +77,7 @@ public class OidcProviderConfigurationTests { public void requestWhenConfigurationRequestAndIssuerSetThenReturnDefaultConfigurationResponse() throws Exception { this.spring.register(AuthorizationServerConfiguration.class).autowire(); - this.mvc.perform(get(DEFAULT_OIDC_PROVIDER_CONFIGURATION_ENDPOINT_URI)) + this.mvc.perform(get(ISSUER_URL.concat(DEFAULT_OIDC_PROVIDER_CONFIGURATION_ENDPOINT_URI))) .andExpect(status().is2xxSuccessful()) .andExpectAll(defaultConfigurationMatchers()); } @@ -87,7 +87,7 @@ public class OidcProviderConfigurationTests { public void requestWhenConfigurationRequestAndUserAuthenticatedThenReturnConfigurationResponse() throws Exception { this.spring.register(AuthorizationServerConfiguration.class).autowire(); - this.mvc.perform(get(DEFAULT_OIDC_PROVIDER_CONFIGURATION_ENDPOINT_URI) + this.mvc.perform(get(ISSUER_URL.concat(DEFAULT_OIDC_PROVIDER_CONFIGURATION_ENDPOINT_URI)) .with(user("user"))) .andExpect(status().is2xxSuccessful()) .andExpectAll(defaultConfigurationMatchers()); 
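Review bot: Changing `ISSUER_URL` to `https://example.com` at the constant declaration removes the only issuer with a path component from this test class, and the same literal swap in the builder, message-converter and endpoint-filter test hunks further down removes it everywhere else. Clients validate that the `issuer` value in the discovery document matches the URL they fetched it from, so how the server handles an issuer such as `https://example.com/issuer1` is security-relevant behaviour that no visible test now exercises. If path-based issuers are intentionally unsupported, say so next to the constant, e.g. `// Issuer has no path component: the discovery URL is ISSUER_URL + "/.well-known/openid-configuration"`; otherwise keep one test that uses an issuer with a path. The rest of the class, including `AuthorizationServerConfiguration`, is outside the hunk, so whether the issuer is configured from this constant is inferred.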
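Review bot: The request in `requestWhenConfigurationRequestAndIssuerSetThenReturnDefaultConfigurationResponse` now has to be absolute, but nothing in the test says why, so a later test written with the bare `DEFAULT_OIDC_PROVIDER_CONFIGURATION_ENDPOINT_URI` would look equally valid. The same `ISSUER_URL.concat(...)` expression is repeated in the hunks at -87, -98 and -108. A comment such as `// Request host must match the configured issuer` above the first `perform` call would record the intent, assuming that is the reason for the change. The enclosing class continues outside the hunk.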
@@ -98,7 +98,7 @@ public class OidcProviderConfigurationTests { public void requestWhenConfigurationRequestAndConfigurationCustomizerSetThenReturnCustomConfigurationResponse() throws Exception { this.spring.register(AuthorizationServerConfigurationWithProviderConfigurationCustomizer.class).autowire(); - this.mvc.perform(get(DEFAULT_OIDC_PROVIDER_CONFIGURATION_ENDPOINT_URI)) + this.mvc.perform(get(ISSUER_URL.concat(DEFAULT_OIDC_PROVIDER_CONFIGURATION_ENDPOINT_URI))) .andExpect(status().is2xxSuccessful()) .andExpect(jsonPath(OAuth2AuthorizationServerMetadataClaimNames.SCOPES_SUPPORTED, hasItems(OidcScopes.OPENID, OidcScopes.PROFILE, OidcScopes.EMAIL))); @@ -108,7 +108,7 @@ public class OidcProviderConfigurationTests { public void requestWhenConfigurationRequestAndClientRegistrationEnabledThenConfigurationResponseIncludesRegistrationEndpoint() throws Exception { this.spring.register(AuthorizationServerConfigurationWithClientRegistrationEnabled.class).autowire(); - this.mvc.perform(get(DEFAULT_OIDC_PROVIDER_CONFIGURATION_ENDPOINT_URI)) + this.mvc.perform(get(ISSUER_URL.concat(DEFAULT_OIDC_PROVIDER_CONFIGURATION_ENDPOINT_URI))) .andExpect(status().is2xxSuccessful()) .andExpectAll(defaultConfigurationMatchers()) .andExpect(jsonPath("$.registration_endpoint").value(ISSUER_URL.concat(this.authorizationServerSettings.getOidcClientRegistrationEndpoint()))); diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/OidcProviderConfigurationTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/OidcProviderConfigurationTests.java index 567e0f63..b29dcc53 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/OidcProviderConfigurationTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/OidcProviderConfigurationTests.java 
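Review bot: The customizer test at -98 asserts only `scopes_supported`, so it would still pass if a provider-configuration customizer changed or dropped the `issuer` claim. Since the request is now made against `ISSUER_URL`, adding `.andExpect(jsonPath("$.issuer").value(ISSUER_URL))` would pin the claim that relying parties compare against the discovery URL. `AuthorizationServerConfigurationWithProviderConfigurationCustomizer` is defined outside the hunk, so what the customizer actually modifies is not visible here.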
@@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 the original author or authors. + * Copyright 2020-2023 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -37,10 +37,10 @@ import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException public class OidcProviderConfigurationTests { private final OidcProviderConfiguration.Builder minimalConfigurationBuilder = OidcProviderConfiguration.builder() - .issuer("https://example.com/issuer1") - .authorizationEndpoint("https://example.com/issuer1/oauth2/authorize") - .tokenEndpoint("https://example.com/issuer1/oauth2/token") - .jwkSetUrl("https://example.com/issuer1/oauth2/jwks") + .issuer("https://example.com") + .authorizationEndpoint("https://example.com/oauth2/authorize") + .tokenEndpoint("https://example.com/oauth2/token") + .jwkSetUrl("https://example.com/oauth2/jwks") .scope("openid") .responseType("code") .subjectType("public") 
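Review bot: The issuer and endpoint literals edited in `minimalConfigurationBuilder` are written out again in every test in the hunks at -49 and -108, which is why a one-token change to the issuer touches roughly fifty lines on each side of this file. Declaring `private static final String ISSUER = "https://example.com";` and deriving the endpoints from it, e.g. `ISSUER + "/oauth2/authorize"`, would keep the expected values in one place and make a future issuer change a single-line diff. The class body continues outside this hunk.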
@@ -49,54 +49,54 @@ public class OidcProviderConfigurationTests { @Test public void buildWhenAllRequiredClaimsAndAdditionalClaimsThenCreated() { OidcProviderConfiguration providerConfiguration = OidcProviderConfiguration.builder() - .issuer("https://example.com/issuer1") - .authorizationEndpoint("https://example.com/issuer1/oauth2/authorize") - .tokenEndpoint("https://example.com/issuer1/oauth2/token") - .jwkSetUrl("https://example.com/issuer1/oauth2/jwks") + .issuer("https://example.com") + .authorizationEndpoint("https://example.com/oauth2/authorize") + .tokenEndpoint("https://example.com/oauth2/token") + .jwkSetUrl("https://example.com/oauth2/jwks") .scope("openid") .responseType("code") .grantType("authorization_code") .grantType("client_credentials") .subjectType("public") .idTokenSigningAlgorithm("RS256") - .userInfoEndpoint("https://example.com/issuer1/userinfo") + .userInfoEndpoint("https://example.com/userinfo") .tokenEndpointAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue()) - .clientRegistrationEndpoint("https://example.com/issuer1/connect/register") + .clientRegistrationEndpoint("https://example.com/connect/register") .claim("a-claim", "a-value") .build(); - assertThat(providerConfiguration.getIssuer()).isEqualTo(url("https://example.com/issuer1")); - assertThat(providerConfiguration.getAuthorizationEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/authorize")); - assertThat(providerConfiguration.getTokenEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/token")); - assertThat(providerConfiguration.getJwkSetUrl()).isEqualTo(url("https://example.com/issuer1/oauth2/jwks")); + assertThat(providerConfiguration.getIssuer()).isEqualTo(url("https://example.com")); + assertThat(providerConfiguration.getAuthorizationEndpoint()).isEqualTo(url("https://example.com/oauth2/authorize")); + assertThat(providerConfiguration.getTokenEndpoint()).isEqualTo(url("https://example.com/oauth2/token")); + 
assertThat(providerConfiguration.getJwkSetUrl()).isEqualTo(url("https://example.com/oauth2/jwks")); assertThat(providerConfiguration.getScopes()).containsExactly("openid"); assertThat(providerConfiguration.getResponseTypes()).containsExactly("code"); assertThat(providerConfiguration.getGrantTypes()).containsExactlyInAnyOrder("authorization_code", "client_credentials"); assertThat(providerConfiguration.getSubjectTypes()).containsExactly("public"); assertThat(providerConfiguration.getIdTokenSigningAlgorithms()).containsExactly("RS256"); - assertThat(providerConfiguration.getUserInfoEndpoint()).isEqualTo(url("https://example.com/issuer1/userinfo")); + assertThat(providerConfiguration.getUserInfoEndpoint()).isEqualTo(url("https://example.com/userinfo")); assertThat(providerConfiguration.getTokenEndpointAuthenticationMethods()).containsExactly(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue()); - assertThat(providerConfiguration.getClientRegistrationEndpoint()).isEqualTo(url("https://example.com/issuer1/connect/register")); + assertThat(providerConfiguration.getClientRegistrationEndpoint()).isEqualTo(url("https://example.com/connect/register")); assertThat(providerConfiguration.getClaim("a-claim")).isEqualTo("a-value"); } @Test public void buildWhenOnlyRequiredClaimsThenCreated() { OidcProviderConfiguration providerConfiguration = OidcProviderConfiguration.builder() - .issuer("https://example.com/issuer1") - .authorizationEndpoint("https://example.com/issuer1/oauth2/authorize") - .tokenEndpoint("https://example.com/issuer1/oauth2/token") - .jwkSetUrl("https://example.com/issuer1/oauth2/jwks") + .issuer("https://example.com") + .authorizationEndpoint("https://example.com/oauth2/authorize") + .tokenEndpoint("https://example.com/oauth2/token") + .jwkSetUrl("https://example.com/oauth2/jwks") .scope("openid") .responseType("code") .subjectType("public") .idTokenSigningAlgorithm("RS256") .build(); - 
assertThat(providerConfiguration.getIssuer()).isEqualTo(url("https://example.com/issuer1")); - assertThat(providerConfiguration.getAuthorizationEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/authorize")); - assertThat(providerConfiguration.getTokenEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/token")); - assertThat(providerConfiguration.getJwkSetUrl()).isEqualTo(url("https://example.com/issuer1/oauth2/jwks")); + assertThat(providerConfiguration.getIssuer()).isEqualTo(url("https://example.com")); + assertThat(providerConfiguration.getAuthorizationEndpoint()).isEqualTo(url("https://example.com/oauth2/authorize")); + assertThat(providerConfiguration.getTokenEndpoint()).isEqualTo(url("https://example.com/oauth2/token")); + assertThat(providerConfiguration.getJwkSetUrl()).isEqualTo(url("https://example.com/oauth2/jwks")); assertThat(providerConfiguration.getScopes()).containsExactly("openid"); assertThat(providerConfiguration.getResponseTypes()).containsExactly("code"); assertThat(providerConfiguration.getGrantTypes()).isNull(); 
@@ -108,64 +108,64 @@ public class OidcProviderConfigurationTests { @Test public void buildWhenClaimsProvidedThenCreated() { Map claims = new HashMap<>(); - claims.put(OidcProviderMetadataClaimNames.ISSUER, "https://example.com/issuer1"); - claims.put(OidcProviderMetadataClaimNames.AUTHORIZATION_ENDPOINT, "https://example.com/issuer1/oauth2/authorize"); - claims.put(OidcProviderMetadataClaimNames.TOKEN_ENDPOINT, "https://example.com/issuer1/oauth2/token"); - claims.put(OidcProviderMetadataClaimNames.JWKS_URI, "https://example.com/issuer1/oauth2/jwks"); + claims.put(OidcProviderMetadataClaimNames.ISSUER, "https://example.com"); + claims.put(OidcProviderMetadataClaimNames.AUTHORIZATION_ENDPOINT, "https://example.com/oauth2/authorize"); + claims.put(OidcProviderMetadataClaimNames.TOKEN_ENDPOINT, "https://example.com/oauth2/token"); + claims.put(OidcProviderMetadataClaimNames.JWKS_URI, "https://example.com/oauth2/jwks"); claims.put(OidcProviderMetadataClaimNames.SCOPES_SUPPORTED, Collections.singletonList("openid")); claims.put(OidcProviderMetadataClaimNames.RESPONSE_TYPES_SUPPORTED, Collections.singletonList("code")); claims.put(OidcProviderMetadataClaimNames.SUBJECT_TYPES_SUPPORTED, Collections.singletonList("public")); claims.put(OidcProviderMetadataClaimNames.ID_TOKEN_SIGNING_ALG_VALUES_SUPPORTED, Collections.singletonList("RS256")); - claims.put(OidcProviderMetadataClaimNames.USER_INFO_ENDPOINT, "https://example.com/issuer1/userinfo"); - claims.put(OidcProviderMetadataClaimNames.REGISTRATION_ENDPOINT, "https://example.com/issuer1/connect/register"); + claims.put(OidcProviderMetadataClaimNames.USER_INFO_ENDPOINT, "https://example.com/userinfo"); + claims.put(OidcProviderMetadataClaimNames.REGISTRATION_ENDPOINT, "https://example.com/connect/register"); claims.put("some-claim", "some-value"); OidcProviderConfiguration providerConfiguration = OidcProviderConfiguration.withClaims(claims).build(); - 
assertThat(providerConfiguration.getIssuer()).isEqualTo(url("https://example.com/issuer1")); - assertThat(providerConfiguration.getAuthorizationEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/authorize")); - assertThat(providerConfiguration.getTokenEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/token")); - assertThat(providerConfiguration.getJwkSetUrl()).isEqualTo(url("https://example.com/issuer1/oauth2/jwks")); + assertThat(providerConfiguration.getIssuer()).isEqualTo(url("https://example.com")); + assertThat(providerConfiguration.getAuthorizationEndpoint()).isEqualTo(url("https://example.com/oauth2/authorize")); + assertThat(providerConfiguration.getTokenEndpoint()).isEqualTo(url("https://example.com/oauth2/token")); + assertThat(providerConfiguration.getJwkSetUrl()).isEqualTo(url("https://example.com/oauth2/jwks")); assertThat(providerConfiguration.getScopes()).containsExactly("openid"); assertThat(providerConfiguration.getResponseTypes()).containsExactly("code"); assertThat(providerConfiguration.getGrantTypes()).isNull(); assertThat(providerConfiguration.getSubjectTypes()).containsExactly("public"); assertThat(providerConfiguration.getIdTokenSigningAlgorithms()).containsExactly("RS256"); - assertThat(providerConfiguration.getUserInfoEndpoint()).isEqualTo(url("https://example.com/issuer1/userinfo")); + assertThat(providerConfiguration.getUserInfoEndpoint()).isEqualTo(url("https://example.com/userinfo")); assertThat(providerConfiguration.getTokenEndpointAuthenticationMethods()).isNull(); - assertThat(providerConfiguration.getClientRegistrationEndpoint()).isEqualTo(url("https://example.com/issuer1/connect/register")); + assertThat(providerConfiguration.getClientRegistrationEndpoint()).isEqualTo(url("https://example.com/connect/register")); assertThat(providerConfiguration.getClaim("some-claim")).isEqualTo("some-value"); } @Test public void buildWhenClaimsProvidedWithUrlsThenCreated() { Map claims = new HashMap<>(); - 
claims.put(OidcProviderMetadataClaimNames.ISSUER, url("https://example.com/issuer1")); - claims.put(OidcProviderMetadataClaimNames.AUTHORIZATION_ENDPOINT, url("https://example.com/issuer1/oauth2/authorize")); - claims.put(OidcProviderMetadataClaimNames.TOKEN_ENDPOINT, url("https://example.com/issuer1/oauth2/token")); - claims.put(OidcProviderMetadataClaimNames.JWKS_URI, url("https://example.com/issuer1/oauth2/jwks")); + claims.put(OidcProviderMetadataClaimNames.ISSUER, url("https://example.com")); + claims.put(OidcProviderMetadataClaimNames.AUTHORIZATION_ENDPOINT, url("https://example.com/oauth2/authorize")); + claims.put(OidcProviderMetadataClaimNames.TOKEN_ENDPOINT, url("https://example.com/oauth2/token")); + claims.put(OidcProviderMetadataClaimNames.JWKS_URI, url("https://example.com/oauth2/jwks")); claims.put(OidcProviderMetadataClaimNames.SCOPES_SUPPORTED, Collections.singletonList("openid")); claims.put(OidcProviderMetadataClaimNames.RESPONSE_TYPES_SUPPORTED, Collections.singletonList("code")); claims.put(OidcProviderMetadataClaimNames.SUBJECT_TYPES_SUPPORTED, Collections.singletonList("public")); claims.put(OidcProviderMetadataClaimNames.ID_TOKEN_SIGNING_ALG_VALUES_SUPPORTED, Collections.singletonList("RS256")); - claims.put(OidcProviderMetadataClaimNames.USER_INFO_ENDPOINT, url("https://example.com/issuer1/userinfo")); - claims.put(OidcProviderMetadataClaimNames.REGISTRATION_ENDPOINT, url("https://example.com/issuer1/connect/register")); + claims.put(OidcProviderMetadataClaimNames.USER_INFO_ENDPOINT, url("https://example.com/userinfo")); + claims.put(OidcProviderMetadataClaimNames.REGISTRATION_ENDPOINT, url("https://example.com/connect/register")); claims.put("some-claim", "some-value"); OidcProviderConfiguration providerConfiguration = OidcProviderConfiguration.withClaims(claims).build(); - assertThat(providerConfiguration.getIssuer()).isEqualTo(url("https://example.com/issuer1")); - 
assertThat(providerConfiguration.getAuthorizationEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/authorize")); - assertThat(providerConfiguration.getTokenEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/token")); - assertThat(providerConfiguration.getJwkSetUrl()).isEqualTo(url("https://example.com/issuer1/oauth2/jwks")); + assertThat(providerConfiguration.getIssuer()).isEqualTo(url("https://example.com")); + assertThat(providerConfiguration.getAuthorizationEndpoint()).isEqualTo(url("https://example.com/oauth2/authorize")); + assertThat(providerConfiguration.getTokenEndpoint()).isEqualTo(url("https://example.com/oauth2/token")); + assertThat(providerConfiguration.getJwkSetUrl()).isEqualTo(url("https://example.com/oauth2/jwks")); assertThat(providerConfiguration.getScopes()).containsExactly("openid"); assertThat(providerConfiguration.getResponseTypes()).containsExactly("code"); assertThat(providerConfiguration.getGrantTypes()).isNull(); assertThat(providerConfiguration.getSubjectTypes()).containsExactly("public"); assertThat(providerConfiguration.getIdTokenSigningAlgorithms()).containsExactly("RS256"); - assertThat(providerConfiguration.getUserInfoEndpoint()).isEqualTo(url("https://example.com/issuer1/userinfo")); + assertThat(providerConfiguration.getUserInfoEndpoint()).isEqualTo(url("https://example.com/userinfo")); assertThat(providerConfiguration.getTokenEndpointAuthenticationMethods()).isNull(); - assertThat(providerConfiguration.getClientRegistrationEndpoint()).isEqualTo(url("https://example.com/issuer1/connect/register")); + assertThat(providerConfiguration.getClientRegistrationEndpoint()).isEqualTo(url("https://example.com/connect/register")); assertThat(providerConfiguration.getClaim("some-claim")).isEqualTo("some-value"); } 
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/http/converter/OidcProviderConfigurationHttpMessageConverterTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/http/converter/OidcProviderConfigurationHttpMessageConverterTests.java index 1db31b06..f3658f52 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/http/converter/OidcProviderConfigurationHttpMessageConverterTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/http/converter/OidcProviderConfigurationHttpMessageConverterTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 the original author or authors. + * Copyright 2020-2023 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -61,10 +61,10 @@ public class OidcProviderConfigurationHttpMessageConverterTests { public void readInternalWhenRequiredParametersThenSuccess() throws Exception { // @formatter:off String providerConfigurationResponse = "{\n" - + " \"issuer\": \"https://example.com/issuer1\",\n" - + " \"authorization_endpoint\": \"https://example.com/issuer1/oauth2/authorize\",\n" - + " \"token_endpoint\": \"https://example.com/issuer1/oauth2/token\",\n" - + " \"jwks_uri\": \"https://example.com/issuer1/oauth2/jwks\",\n" + + " \"issuer\": \"https://example.com\",\n" + + " \"authorization_endpoint\": \"https://example.com/oauth2/authorize\",\n" + + " \"token_endpoint\": \"https://example.com/oauth2/token\",\n" + + " \"jwks_uri\": \"https://example.com/oauth2/jwks\",\n" + " \"response_types_supported\": [\"code\"],\n" + " \"subject_types_supported\": [\"public\"],\n" + " \"id_token_signing_alg_values_supported\": [\"RS256\"]\n" 
@@ -74,10 +74,10 @@ public class OidcProviderConfigurationHttpMessageConverterTests { OidcProviderConfiguration providerConfiguration = this.messageConverter .readInternal(OidcProviderConfiguration.class, response); - assertThat(providerConfiguration.getIssuer()).isEqualTo(new URL("https://example.com/issuer1")); - assertThat(providerConfiguration.getAuthorizationEndpoint()).isEqualTo(new URL("https://example.com/issuer1/oauth2/authorize")); - assertThat(providerConfiguration.getTokenEndpoint()).isEqualTo(new URL("https://example.com/issuer1/oauth2/token")); - assertThat(providerConfiguration.getJwkSetUrl()).isEqualTo(new URL("https://example.com/issuer1/oauth2/jwks")); + assertThat(providerConfiguration.getIssuer()).isEqualTo(new URL("https://example.com")); + assertThat(providerConfiguration.getAuthorizationEndpoint()).isEqualTo(new URL("https://example.com/oauth2/authorize")); + assertThat(providerConfiguration.getTokenEndpoint()).isEqualTo(new URL("https://example.com/oauth2/token")); + assertThat(providerConfiguration.getJwkSetUrl()).isEqualTo(new URL("https://example.com/oauth2/jwks")); assertThat(providerConfiguration.getResponseTypes()).containsExactly("code"); assertThat(providerConfiguration.getSubjectTypes()).containsExactly("public"); assertThat(providerConfiguration.getIdTokenSigningAlgorithms()).containsExactly("RS256"); 
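Review bot: The assertions on `getIssuer()`, `getAuthorizationEndpoint()`, `getTokenEndpoint()` and `getJwkSetUrl()` compare against `new URL(...)`, and `java.net.URL.equals` resolves both host names and treats hosts with the same IP address as equal. That makes these tests depend on DNS for `example.com` and lets a wrong host name pass if it resolves to the same address, which is the wrong comparison for an issuer identifier. Comparing the string form, e.g. `assertThat(providerConfiguration.getIssuer()).hasToString("https://example.com");`, is exact and needs no network. The hunk at -109 has the same pattern, and the `url(...)` assertions in oidc/OidcProviderConfigurationTests probably do too, although that helper is defined outside the visible hunks.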
@@ -90,11 +90,11 @@ public class OidcProviderConfigurationHttpMessageConverterTests { public void readInternalWhenValidParametersThenSuccess() throws Exception { // @formatter:off String providerConfigurationResponse = "{\n" - + " \"issuer\": \"https://example.com/issuer1\",\n" - + " \"authorization_endpoint\": \"https://example.com/issuer1/oauth2/authorize\",\n" - + " \"token_endpoint\": \"https://example.com/issuer1/oauth2/token\",\n" - + " \"jwks_uri\": \"https://example.com/issuer1/oauth2/jwks\",\n" - + " \"userinfo_endpoint\": \"https://example.com/issuer1/userinfo\",\n" + + " \"issuer\": \"https://example.com\",\n" + + " \"authorization_endpoint\": \"https://example.com/oauth2/authorize\",\n" + + " \"token_endpoint\": \"https://example.com/oauth2/token\",\n" + + " \"jwks_uri\": \"https://example.com/oauth2/jwks\",\n" + + " \"userinfo_endpoint\": \"https://example.com/userinfo\",\n" + " \"scopes_supported\": [\"openid\"],\n" + " \"response_types_supported\": [\"code\"],\n" + " \"grant_types_supported\": [\"authorization_code\", \"client_credentials\"],\n" 
@@ -109,11 +109,11 @@ public class OidcProviderConfigurationHttpMessageConverterTests { OidcProviderConfiguration providerConfiguration = this.messageConverter .readInternal(OidcProviderConfiguration.class, response); - assertThat(providerConfiguration.getIssuer()).isEqualTo(new URL("https://example.com/issuer1")); - assertThat(providerConfiguration.getAuthorizationEndpoint()).isEqualTo(new URL("https://example.com/issuer1/oauth2/authorize")); - assertThat(providerConfiguration.getTokenEndpoint()).isEqualTo(new URL("https://example.com/issuer1/oauth2/token")); - assertThat(providerConfiguration.getJwkSetUrl()).isEqualTo(new URL("https://example.com/issuer1/oauth2/jwks")); - assertThat(providerConfiguration.getUserInfoEndpoint()).isEqualTo(new URL("https://example.com/issuer1/userinfo")); + assertThat(providerConfiguration.getIssuer()).isEqualTo(new URL("https://example.com")); + assertThat(providerConfiguration.getAuthorizationEndpoint()).isEqualTo(new URL("https://example.com/oauth2/authorize")); + assertThat(providerConfiguration.getTokenEndpoint()).isEqualTo(new URL("https://example.com/oauth2/token")); + assertThat(providerConfiguration.getJwkSetUrl()).isEqualTo(new URL("https://example.com/oauth2/jwks")); + assertThat(providerConfiguration.getUserInfoEndpoint()).isEqualTo(new URL("https://example.com/userinfo")); assertThat(providerConfiguration.getScopes()).containsExactly("openid"); assertThat(providerConfiguration.getResponseTypes()).containsExactly("code"); assertThat(providerConfiguration.getGrantTypes()).containsExactlyInAnyOrder("authorization_code", "client_credentials"); 
@@ -153,11 +153,11 @@ public class OidcProviderConfigurationHttpMessageConverterTests { public void writeInternalWhenProviderConfigurationThenSuccess() { OidcProviderConfiguration providerConfiguration = OidcProviderConfiguration.builder() - .issuer("https://example.com/issuer1") - .authorizationEndpoint("https://example.com/issuer1/oauth2/authorize") - .tokenEndpoint("https://example.com/issuer1/oauth2/token") - .jwkSetUrl("https://example.com/issuer1/oauth2/jwks") - .userInfoEndpoint("https://example.com/issuer1/userinfo") + .issuer("https://example.com") + .authorizationEndpoint("https://example.com/oauth2/authorize") + .tokenEndpoint("https://example.com/oauth2/token") + .jwkSetUrl("https://example.com/oauth2/jwks") + .userInfoEndpoint("https://example.com/userinfo") .scope("openid") .responseType("code") .grantType("authorization_code") 
@@ -173,11 +173,11 @@ public class OidcProviderConfigurationHttpMessageConverterTests { this.messageConverter.writeInternal(providerConfiguration, outputMessage); String providerConfigurationResponse = outputMessage.getBodyAsString(); - assertThat(providerConfigurationResponse).contains("\"issuer\":\"https://example.com/issuer1\""); - assertThat(providerConfigurationResponse).contains("\"authorization_endpoint\":\"https://example.com/issuer1/oauth2/authorize\""); - assertThat(providerConfigurationResponse).contains("\"token_endpoint\":\"https://example.com/issuer1/oauth2/token\""); - assertThat(providerConfigurationResponse).contains("\"jwks_uri\":\"https://example.com/issuer1/oauth2/jwks\""); - assertThat(providerConfigurationResponse).contains("\"userinfo_endpoint\":\"https://example.com/issuer1/userinfo\""); + assertThat(providerConfigurationResponse).contains("\"issuer\":\"https://example.com\""); + assertThat(providerConfigurationResponse).contains("\"authorization_endpoint\":\"https://example.com/oauth2/authorize\""); + assertThat(providerConfigurationResponse).contains("\"token_endpoint\":\"https://example.com/oauth2/token\""); + assertThat(providerConfigurationResponse).contains("\"jwks_uri\":\"https://example.com/oauth2/jwks\""); + assertThat(providerConfigurationResponse).contains("\"userinfo_endpoint\":\"https://example.com/userinfo\""); assertThat(providerConfigurationResponse).contains("\"scopes_supported\":[\"openid\"]"); assertThat(providerConfigurationResponse).contains("\"response_types_supported\":[\"code\"]"); assertThat(providerConfigurationResponse).contains("\"grant_types_supported\":[\"authorization_code\",\"client_credentials\"]"); 
@@ -199,10 +199,10 @@ public class OidcProviderConfigurationHttpMessageConverterTests { OidcProviderConfiguration providerConfiguration = OidcProviderConfiguration.builder() - .issuer("https://example.com/issuer1") - .authorizationEndpoint("https://example.com/issuer1/oauth2/authorize") - .tokenEndpoint("https://example.com/issuer1/oauth2/token") - .jwkSetUrl("https://example.com/issuer1/oauth2/jwks") + .issuer("https://example.com") + .authorizationEndpoint("https://example.com/oauth2/authorize") + .tokenEndpoint("https://example.com/oauth2/token") + .jwkSetUrl("https://example.com/oauth2/jwks") .responseType("code") .subjectType("public") .idTokenSigningAlgorithm("RS256") diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilterTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilterTests.java index 61a6e798..6e9ade2c 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilterTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilterTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 the original author or authors. + * Copyright 2020-2023 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -87,7 +87,7 @@ public class OidcProviderConfigurationEndpointFilterTests {
 @Test
 public void doFilterWhenConfigurationRequestThenConfigurationResponse() throws Exception {
- String issuer = "https://example.com/issuer1";
+ String issuer = "https://example.com";
 String authorizationEndpoint = "/oauth2/v1/authorize";
 String tokenEndpoint = "/oauth2/v1/token";
 String jwkSetEndpoint = "/oauth2/v1/jwks";
@@ -118,20 +118,20 @@ public class OidcProviderConfigurationEndpointFilterTests { assertThat(response.getContentType()).isEqualTo(MediaType.APPLICATION_JSON_VALUE); String providerConfigurationResponse = response.getContentAsString(); - assertThat(providerConfigurationResponse).contains("\"issuer\":\"https://example.com/issuer1\""); - assertThat(providerConfigurationResponse).contains("\"authorization_endpoint\":\"https://example.com/issuer1/oauth2/v1/authorize\""); - assertThat(providerConfigurationResponse).contains("\"token_endpoint\":\"https://example.com/issuer1/oauth2/v1/token\""); - assertThat(providerConfigurationResponse).contains("\"jwks_uri\":\"https://example.com/issuer1/oauth2/v1/jwks\""); + assertThat(providerConfigurationResponse).contains("\"issuer\":\"https://example.com\""); + assertThat(providerConfigurationResponse).contains("\"authorization_endpoint\":\"https://example.com/oauth2/v1/authorize\""); + assertThat(providerConfigurationResponse).contains("\"token_endpoint\":\"https://example.com/oauth2/v1/token\""); + assertThat(providerConfigurationResponse).contains("\"jwks_uri\":\"https://example.com/oauth2/v1/jwks\""); assertThat(providerConfigurationResponse).contains("\"scopes_supported\":[\"openid\"]"); assertThat(providerConfigurationResponse).contains("\"response_types_supported\":[\"code\"]"); assertThat(providerConfigurationResponse).contains("\"grant_types_supported\":[\"authorization_code\",\"client_credentials\",\"refresh_token\"]"); - assertThat(providerConfigurationResponse).contains("\"revocation_endpoint\":\"https://example.com/issuer1/oauth2/v1/revoke\""); + assertThat(providerConfigurationResponse).contains("\"revocation_endpoint\":\"https://example.com/oauth2/v1/revoke\""); assertThat(providerConfigurationResponse).contains("\"revocation_endpoint_auth_methods_supported\":[\"client_secret_basic\",\"client_secret_post\",\"client_secret_jwt\",\"private_key_jwt\"]"); - 
assertThat(providerConfigurationResponse).contains("\"introspection_endpoint\":\"https://example.com/issuer1/oauth2/v1/introspect\""); + assertThat(providerConfigurationResponse).contains("\"introspection_endpoint\":\"https://example.com/oauth2/v1/introspect\""); assertThat(providerConfigurationResponse).contains("\"introspection_endpoint_auth_methods_supported\":[\"client_secret_basic\",\"client_secret_post\",\"client_secret_jwt\",\"private_key_jwt\"]"); assertThat(providerConfigurationResponse).contains("\"subject_types_supported\":[\"public\"]"); assertThat(providerConfigurationResponse).contains("\"id_token_signing_alg_values_supported\":[\"RS256\"]"); - assertThat(providerConfigurationResponse).contains("\"userinfo_endpoint\":\"https://example.com/issuer1/userinfo\""); + assertThat(providerConfigurationResponse).contains("\"userinfo_endpoint\":\"https://example.com/userinfo\""); assertThat(providerConfigurationResponse).contains("\"token_endpoint_auth_methods_supported\":[\"client_secret_basic\",\"client_secret_post\",\"client_secret_jwt\",\"private_key_jwt\"]"); }