GitHub-Spring
/
spring-authorization-server
mirror of https://github.com/spring-projects/spring-authorization-server.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge branch '0.4.x' into 1.0.x 

Closes gh-1420
1.0.x
Joe Grandja 2 years ago
parent
43405c6eae 5286affbfe
commit
668ad6ce59
4 changed files with 95 additions and 95 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 92
      oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/OAuth2AuthorizationServerMetadataTests.java
  2. 14
      oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerMetadataTests.java
  3. 68
      oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/http/converter/OAuth2AuthorizationServerMetadataHttpMessageConverterTests.java
  4. 16
      oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilterTests.java

92
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/OAuth2AuthorizationServerMetadataTests.java
Unescape View File

@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
/*
* Copyright 2020-2022 the original author or authors.
* Copyright 2020-2023 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -38,43 +38,43 @@ public class OAuth2AuthorizationServerMetadataTests { @@ -38,43 +38,43 @@ public class OAuth2AuthorizationServerMetadataTests {
// @formatter:off
private final Builder minimalBuilder =
OAuth2AuthorizationServerMetadata.builder()
.issuer("https://example.com/issuer1")
.authorizationEndpoint("https://example.com/issuer1/oauth2/authorize")
.tokenEndpoint("https://example.com/issuer1/oauth2/token")
.issuer("https://example.com")
.authorizationEndpoint("https://example.com/oauth2/authorize")
.tokenEndpoint("https://example.com/oauth2/token")
.responseType("code");
// @formatter:on
@Test
public void buildWhenAllClaimsProvidedThenCreated() {
OAuth2AuthorizationServerMetadata authorizationServerMetadata = OAuth2AuthorizationServerMetadata.builder()
.issuer("https://example.com/issuer1")
.authorizationEndpoint("https://example.com/issuer1/oauth2/authorize")
.tokenEndpoint("https://example.com/issuer1/oauth2/token")
.issuer("https://example.com")
.authorizationEndpoint("https://example.com/oauth2/authorize")
.tokenEndpoint("https://example.com/oauth2/token")
.tokenEndpointAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue())
.jwkSetUrl("https://example.com/issuer1/oauth2/jwks")
.jwkSetUrl("https://example.com/oauth2/jwks")
.scope("openid")
.responseType("code")
.grantType("authorization_code")
.grantType("client_credentials")
.tokenRevocationEndpoint("https://example.com/issuer1/oauth2/revoke")
.tokenRevocationEndpoint("https://example.com/oauth2/revoke")
.tokenRevocationEndpointAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue())
.tokenIntrospectionEndpoint("https://example.com/issuer1/oauth2/introspect")
.tokenIntrospectionEndpoint("https://example.com/oauth2/introspect")
.tokenIntrospectionEndpointAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue())
.codeChallengeMethod("S256")
.claim("a-claim", "a-value")
.build();
assertThat(authorizationServerMetadata.getIssuer()).isEqualTo(url("https://example.com/issuer1"));
assertThat(authorizationServerMetadata.getAuthorizationEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/authorize"));
assertThat(authorizationServerMetadata.getTokenEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/token"));
assertThat(authorizationServerMetadata.getIssuer()).isEqualTo(url("https://example.com"));
assertThat(authorizationServerMetadata.getAuthorizationEndpoint()).isEqualTo(url("https://example.com/oauth2/authorize"));
assertThat(authorizationServerMetadata.getTokenEndpoint()).isEqualTo(url("https://example.com/oauth2/token"));
assertThat(authorizationServerMetadata.getTokenEndpointAuthenticationMethods()).containsExactly(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue());
assertThat(authorizationServerMetadata.getJwkSetUrl()).isEqualTo(url("https://example.com/issuer1/oauth2/jwks"));
assertThat(authorizationServerMetadata.getJwkSetUrl()).isEqualTo(url("https://example.com/oauth2/jwks"));
assertThat(authorizationServerMetadata.getScopes()).containsExactly("openid");
assertThat(authorizationServerMetadata.getResponseTypes()).containsExactly("code");
assertThat(authorizationServerMetadata.getGrantTypes()).containsExactlyInAnyOrder("authorization_code", "client_credentials");
assertThat(authorizationServerMetadata.getTokenRevocationEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/revoke"));
assertThat(authorizationServerMetadata.getTokenRevocationEndpoint()).isEqualTo(url("https://example.com/oauth2/revoke"));
assertThat(authorizationServerMetadata.getTokenRevocationEndpointAuthenticationMethods()).containsExactly(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue());
assertThat(authorizationServerMetadata.getTokenIntrospectionEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/introspect"));
assertThat(authorizationServerMetadata.getTokenIntrospectionEndpoint()).isEqualTo(url("https://example.com/oauth2/introspect"));
assertThat(authorizationServerMetadata.getTokenIntrospectionEndpointAuthenticationMethods()).containsExactly(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue());
assertThat(authorizationServerMetadata.getCodeChallengeMethods()).containsExactly("S256");
assertThat(authorizationServerMetadata.getClaimAsString("a-claim")).isEqualTo("a-value");
@ -83,15 +83,15 @@ public class OAuth2AuthorizationServerMetadataTests { @@ -83,15 +83,15 @@ public class OAuth2AuthorizationServerMetadataTests {
@Test
public void buildWhenOnlyRequiredClaimsProvidedThenCreated() {
OAuth2AuthorizationServerMetadata authorizationServerMetadata = OAuth2AuthorizationServerMetadata.builder()
.issuer("https://example.com/issuer1")
.authorizationEndpoint("https://example.com/issuer1/oauth2/authorize")
.tokenEndpoint("https://example.com/issuer1/oauth2/token")
.issuer("https://example.com")
.authorizationEndpoint("https://example.com/oauth2/authorize")
.tokenEndpoint("https://example.com/oauth2/token")
.responseType("code")
.build();
assertThat(authorizationServerMetadata.getIssuer()).isEqualTo(url("https://example.com/issuer1"));
assertThat(authorizationServerMetadata.getAuthorizationEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/authorize"));
assertThat(authorizationServerMetadata.getTokenEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/token"));
assertThat(authorizationServerMetadata.getIssuer()).isEqualTo(url("https://example.com"));
assertThat(authorizationServerMetadata.getAuthorizationEndpoint()).isEqualTo(url("https://example.com/oauth2/authorize"));
assertThat(authorizationServerMetadata.getTokenEndpoint()).isEqualTo(url("https://example.com/oauth2/token"));
assertThat(authorizationServerMetadata.getTokenEndpointAuthenticationMethods()).isNull();
assertThat(authorizationServerMetadata.getJwkSetUrl()).isNull();
assertThat(authorizationServerMetadata.getScopes()).isNull();
@ -107,29 +107,29 @@ public class OAuth2AuthorizationServerMetadataTests { @@ -107,29 +107,29 @@ public class OAuth2AuthorizationServerMetadataTests {
@Test
public void withClaimsWhenClaimsProvidedThenCreated() {
HashMap<String, Object> claims = new HashMap<>();
claims.put(OAuth2AuthorizationServerMetadataClaimNames.ISSUER, "https://example.com/issuer1");
claims.put(OAuth2AuthorizationServerMetadataClaimNames.AUTHORIZATION_ENDPOINT, "https://example.com/issuer1/oauth2/authorize");
claims.put(OAuth2AuthorizationServerMetadataClaimNames.TOKEN_ENDPOINT, "https://example.com/issuer1/oauth2/token");
claims.put(OAuth2AuthorizationServerMetadataClaimNames.JWKS_URI, "https://example.com/issuer1/oauth2/jwks");
claims.put(OAuth2AuthorizationServerMetadataClaimNames.ISSUER, "https://example.com");
claims.put(OAuth2AuthorizationServerMetadataClaimNames.AUTHORIZATION_ENDPOINT, "https://example.com/oauth2/authorize");
claims.put(OAuth2AuthorizationServerMetadataClaimNames.TOKEN_ENDPOINT, "https://example.com/oauth2/token");
claims.put(OAuth2AuthorizationServerMetadataClaimNames.JWKS_URI, "https://example.com/oauth2/jwks");
claims.put(OAuth2AuthorizationServerMetadataClaimNames.SCOPES_SUPPORTED, Collections.singletonList("openid"));
claims.put(OAuth2AuthorizationServerMetadataClaimNames.RESPONSE_TYPES_SUPPORTED, Collections.singletonList("code"));
claims.put(OAuth2AuthorizationServerMetadataClaimNames.REVOCATION_ENDPOINT, "https://example.com/issuer1/oauth2/revoke");
claims.put(OAuth2AuthorizationServerMetadataClaimNames.INTROSPECTION_ENDPOINT, "https://example.com/issuer1/oauth2/introspect");
claims.put(OAuth2AuthorizationServerMetadataClaimNames.REVOCATION_ENDPOINT, "https://example.com/oauth2/revoke");
claims.put(OAuth2AuthorizationServerMetadataClaimNames.INTROSPECTION_ENDPOINT, "https://example.com/oauth2/introspect");
claims.put("some-claim", "some-value");
OAuth2AuthorizationServerMetadata authorizationServerMetadata = OAuth2AuthorizationServerMetadata.withClaims(claims).build();
assertThat(authorizationServerMetadata.getIssuer()).isEqualTo(url("https://example.com/issuer1"));
assertThat(authorizationServerMetadata.getAuthorizationEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/authorize"));
assertThat(authorizationServerMetadata.getTokenEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/token"));
assertThat(authorizationServerMetadata.getIssuer()).isEqualTo(url("https://example.com"));
assertThat(authorizationServerMetadata.getAuthorizationEndpoint()).isEqualTo(url("https://example.com/oauth2/authorize"));
assertThat(authorizationServerMetadata.getTokenEndpoint()).isEqualTo(url("https://example.com/oauth2/token"));
assertThat(authorizationServerMetadata.getTokenEndpointAuthenticationMethods()).isNull();
assertThat(authorizationServerMetadata.getJwkSetUrl()).isEqualTo(url("https://example.com/issuer1/oauth2/jwks"));
assertThat(authorizationServerMetadata.getJwkSetUrl()).isEqualTo(url("https://example.com/oauth2/jwks"));
assertThat(authorizationServerMetadata.getScopes()).containsExactly("openid");
assertThat(authorizationServerMetadata.getResponseTypes()).containsExactly("code");
assertThat(authorizationServerMetadata.getGrantTypes()).isNull();
assertThat(authorizationServerMetadata.getTokenRevocationEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/revoke"));
assertThat(authorizationServerMetadata.getTokenRevocationEndpoint()).isEqualTo(url("https://example.com/oauth2/revoke"));
assertThat(authorizationServerMetadata.getTokenRevocationEndpointAuthenticationMethods()).isNull();
assertThat(authorizationServerMetadata.getTokenIntrospectionEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/introspect"));
assertThat(authorizationServerMetadata.getTokenIntrospectionEndpoint()).isEqualTo(url("https://example.com/oauth2/introspect"));
assertThat(authorizationServerMetadata.getTokenIntrospectionEndpointAuthenticationMethods()).isNull();
assertThat(authorizationServerMetadata.getCodeChallengeMethods()).isNull();
assertThat(authorizationServerMetadata.getClaimAsString("some-claim")).isEqualTo("some-value");
@ -138,28 +138,28 @@ public class OAuth2AuthorizationServerMetadataTests { @@ -138,28 +138,28 @@ public class OAuth2AuthorizationServerMetadataTests {
@Test
public void withClaimsWhenClaimsWithUrlsProvidedThenCreated() {
HashMap<String, Object> claims = new HashMap<>();
claims.put(OAuth2AuthorizationServerMetadataClaimNames.ISSUER, url("https://example.com/issuer1"));
claims.put(OAuth2AuthorizationServerMetadataClaimNames.AUTHORIZATION_ENDPOINT, url("https://example.com/issuer1/oauth2/authorize"));
claims.put(OAuth2AuthorizationServerMetadataClaimNames.TOKEN_ENDPOINT, url("https://example.com/issuer1/oauth2/token"));
claims.put(OAuth2AuthorizationServerMetadataClaimNames.JWKS_URI, url("https://example.com/issuer1/oauth2/jwks"));
claims.put(OAuth2AuthorizationServerMetadataClaimNames.ISSUER, url("https://example.com"));
claims.put(OAuth2AuthorizationServerMetadataClaimNames.AUTHORIZATION_ENDPOINT, url("https://example.com/oauth2/authorize"));
claims.put(OAuth2AuthorizationServerMetadataClaimNames.TOKEN_ENDPOINT, url("https://example.com/oauth2/token"));
claims.put(OAuth2AuthorizationServerMetadataClaimNames.JWKS_URI, url("https://example.com/oauth2/jwks"));
claims.put(OAuth2AuthorizationServerMetadataClaimNames.RESPONSE_TYPES_SUPPORTED, Collections.singletonList("code"));
claims.put(OAuth2AuthorizationServerMetadataClaimNames.REVOCATION_ENDPOINT, url("https://example.com/issuer1/oauth2/revoke"));
claims.put(OAuth2AuthorizationServerMetadataClaimNames.INTROSPECTION_ENDPOINT, url("https://example.com/issuer1/oauth2/introspect"));
claims.put(OAuth2AuthorizationServerMetadataClaimNames.REVOCATION_ENDPOINT, url("https://example.com/oauth2/revoke"));
claims.put(OAuth2AuthorizationServerMetadataClaimNames.INTROSPECTION_ENDPOINT, url("https://example.com/oauth2/introspect"));
claims.put("some-claim", "some-value");
OAuth2AuthorizationServerMetadata authorizationServerMetadata = OAuth2AuthorizationServerMetadata.withClaims(claims).build();
assertThat(authorizationServerMetadata.getIssuer()).isEqualTo(url("https://example.com/issuer1"));
assertThat(authorizationServerMetadata.getAuthorizationEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/authorize"));
assertThat(authorizationServerMetadata.getTokenEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/token"));
assertThat(authorizationServerMetadata.getIssuer()).isEqualTo(url("https://example.com"));
assertThat(authorizationServerMetadata.getAuthorizationEndpoint()).isEqualTo(url("https://example.com/oauth2/authorize"));
assertThat(authorizationServerMetadata.getTokenEndpoint()).isEqualTo(url("https://example.com/oauth2/token"));
assertThat(authorizationServerMetadata.getTokenEndpointAuthenticationMethods()).isNull();
assertThat(authorizationServerMetadata.getJwkSetUrl()).isEqualTo(url("https://example.com/issuer1/oauth2/jwks"));
assertThat(authorizationServerMetadata.getJwkSetUrl()).isEqualTo(url("https://example.com/oauth2/jwks"));
assertThat(authorizationServerMetadata.getScopes()).isNull();
assertThat(authorizationServerMetadata.getResponseTypes()).containsExactly("code");
assertThat(authorizationServerMetadata.getGrantTypes()).isNull();
assertThat(authorizationServerMetadata.getTokenRevocationEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/revoke"));
assertThat(authorizationServerMetadata.getTokenRevocationEndpoint()).isEqualTo(url("https://example.com/oauth2/revoke"));
assertThat(authorizationServerMetadata.getTokenRevocationEndpointAuthenticationMethods()).isNull();
assertThat(authorizationServerMetadata.getTokenIntrospectionEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/introspect"));
assertThat(authorizationServerMetadata.getTokenIntrospectionEndpoint()).isEqualTo(url("https://example.com/oauth2/introspect"));
assertThat(authorizationServerMetadata.getTokenIntrospectionEndpointAuthenticationMethods()).isNull();
assertThat(authorizationServerMetadata.getCodeChallengeMethods()).isNull();
assertThat(authorizationServerMetadata.getClaimAsString("some-claim")).isEqualTo("some-value");

14
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerMetadataTests.java
Unescape View File

@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
/*
* Copyright 2020-2022 the original author or authors.
* Copyright 2020-2023 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -65,7 +65,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. @@ -65,7 +65,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
@ExtendWith(SpringTestContextExtension.class)
public class OAuth2AuthorizationServerMetadataTests {
private static final String DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI = "/.well-known/oauth-authorization-server";
private static final String issuerUrl = "https://example.com/issuer1";
private static final String ISSUER_URL = "https://example.com";
private static EmbeddedDatabase db;
private static JWKSource<SecurityContext> jwkSource;
@ -105,9 +105,9 @@ public class OAuth2AuthorizationServerMetadataTests { @@ -105,9 +105,9 @@ public class OAuth2AuthorizationServerMetadataTests {
public void requestWhenAuthorizationServerMetadataRequestAndIssuerSetThenUsed() throws Exception {
this.spring.register(AuthorizationServerConfiguration.class).autowire();
this.mvc.perform(get(DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI))
this.mvc.perform(get(ISSUER_URL.concat(DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI)))
.andExpect(status().is2xxSuccessful())
.andExpect(jsonPath("issuer").value(issuerUrl))
.andExpect(jsonPath("issuer").value(ISSUER_URL))
.andReturn();
}
@ -115,7 +115,7 @@ public class OAuth2AuthorizationServerMetadataTests { @@ -115,7 +115,7 @@ public class OAuth2AuthorizationServerMetadataTests {
public void requestWhenAuthorizationServerMetadataRequestAndIssuerNotSetThenResolveFromRequest() throws Exception {
this.spring.register(AuthorizationServerConfigurationWithIssuerNotSet.class).autowire();
this.mvc.perform(get(DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI))
this.mvc.perform(get("http://localhost".concat(DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI)))
.andExpect(status().is2xxSuccessful())
.andExpect(jsonPath("issuer").value("http://localhost"))
.andReturn();
@ -126,7 +126,7 @@ public class OAuth2AuthorizationServerMetadataTests { @@ -126,7 +126,7 @@ public class OAuth2AuthorizationServerMetadataTests {
public void requestWhenAuthorizationServerMetadataRequestAndMetadataCustomizerSetThenReturnCustomMetadataResponse() throws Exception {
this.spring.register(AuthorizationServerConfigurationWithMetadataCustomizer.class).autowire();
this.mvc.perform(get(DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI))
this.mvc.perform(get(ISSUER_URL.concat(DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI)))
.andExpect(status().is2xxSuccessful())
.andExpect(jsonPath(OAuth2AuthorizationServerMetadataClaimNames.SCOPES_SUPPORTED,
hasItems("scope1", "scope2")));
@ -156,7 +156,7 @@ public class OAuth2AuthorizationServerMetadataTests { @@ -156,7 +156,7 @@ public class OAuth2AuthorizationServerMetadataTests {
@Bean
AuthorizationServerSettings authorizationServerSettings() {
return AuthorizationServerSettings.builder().issuer(issuerUrl).build();
return AuthorizationServerSettings.builder().issuer(ISSUER_URL).build();
}
}

68
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/http/converter/OAuth2AuthorizationServerMetadataHttpMessageConverterTests.java
Unescape View File

@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
/*
* Copyright 2020-2022 the original author or authors.
* Copyright 2020-2023 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -62,9 +62,9 @@ public class OAuth2AuthorizationServerMetadataHttpMessageConverterTests { @@ -62,9 +62,9 @@ public class OAuth2AuthorizationServerMetadataHttpMessageConverterTests {
public void readInternalWhenRequiredParametersThenSuccess() throws Exception {
// @formatter:off
String authorizationServerMetadataResponse = "{\n"
+ " \"issuer\": \"https://example.com/issuer1\",\n"
+ " \"authorization_endpoint\": \"https://example.com/issuer1/oauth2/authorize\",\n"
+ " \"token_endpoint\": \"https://example.com/issuer1/oauth2/token\",\n"
+ " \"issuer\": \"https://example.com\",\n"
+ " \"authorization_endpoint\": \"https://example.com/oauth2/authorize\",\n"
+ " \"token_endpoint\": \"https://example.com/oauth2/token\",\n"
+ " \"response_types_supported\": [\"code\"]\n"
+ "}\n";
// @formatter:on
@ -72,9 +72,9 @@ public class OAuth2AuthorizationServerMetadataHttpMessageConverterTests { @@ -72,9 +72,9 @@ public class OAuth2AuthorizationServerMetadataHttpMessageConverterTests {
OAuth2AuthorizationServerMetadata authorizationServerMetadata = this.messageConverter
.readInternal(OAuth2AuthorizationServerMetadata.class, response);
assertThat(authorizationServerMetadata.getIssuer()).isEqualTo(new URL("https://example.com/issuer1"));
assertThat(authorizationServerMetadata.getAuthorizationEndpoint()).isEqualTo(new URL("https://example.com/issuer1/oauth2/authorize"));
assertThat(authorizationServerMetadata.getTokenEndpoint()).isEqualTo(new URL("https://example.com/issuer1/oauth2/token"));
assertThat(authorizationServerMetadata.getIssuer()).isEqualTo(new URL("https://example.com"));
assertThat(authorizationServerMetadata.getAuthorizationEndpoint()).isEqualTo(new URL("https://example.com/oauth2/authorize"));
assertThat(authorizationServerMetadata.getTokenEndpoint()).isEqualTo(new URL("https://example.com/oauth2/token"));
assertThat(authorizationServerMetadata.getTokenEndpointAuthenticationMethods()).isNull();
assertThat(authorizationServerMetadata.getJwkSetUrl()).isNull();
assertThat(authorizationServerMetadata.getResponseTypes()).containsExactly("code");
@ -91,17 +91,17 @@ public class OAuth2AuthorizationServerMetadataHttpMessageConverterTests { @@ -91,17 +91,17 @@ public class OAuth2AuthorizationServerMetadataHttpMessageConverterTests {
public void readInternalWhenValidParametersThenSuccess() throws Exception {
// @formatter:off
String authorizationServerMetadataResponse = "{\n"
+ " \"issuer\": \"https://example.com/issuer1\",\n"
+ " \"authorization_endpoint\": \"https://example.com/issuer1/oauth2/authorize\",\n"
+ " \"token_endpoint\": \"https://example.com/issuer1/oauth2/token\",\n"
+ " \"issuer\": \"https://example.com\",\n"
+ " \"authorization_endpoint\": \"https://example.com/oauth2/authorize\",\n"
+ " \"token_endpoint\": \"https://example.com/oauth2/token\",\n"
+ " \"token_endpoint_auth_methods_supported\": [\"client_secret_basic\"],\n"
+ " \"jwks_uri\": \"https://example.com/issuer1/oauth2/jwks\",\n"
+ " \"jwks_uri\": \"https://example.com/oauth2/jwks\",\n"
+ " \"scopes_supported\": [\"openid\"],\n"
+ " \"response_types_supported\": [\"code\"],\n"
+ " \"grant_types_supported\": [\"authorization_code\", \"client_credentials\"],\n"
+ " \"revocation_endpoint\": \"https://example.com/issuer1/oauth2/revoke\",\n"
+ " \"revocation_endpoint\": \"https://example.com/oauth2/revoke\",\n"
+ " \"revocation_endpoint_auth_methods_supported\": [\"client_secret_basic\"],\n"
+ " \"introspection_endpoint\": \"https://example.com/issuer1/oauth2/introspect\",\n"
+ " \"introspection_endpoint\": \"https://example.com/oauth2/introspect\",\n"
+ " \"introspection_endpoint_auth_methods_supported\": [\"client_secret_basic\"],\n"
+ " \"code_challenge_methods_supported\": [\"S256\"],\n"
+ " \"custom_claim\": \"value\",\n"
@ -113,17 +113,17 @@ public class OAuth2AuthorizationServerMetadataHttpMessageConverterTests { @@ -113,17 +113,17 @@ public class OAuth2AuthorizationServerMetadataHttpMessageConverterTests {
.readInternal(OAuth2AuthorizationServerMetadata.class, response);
assertThat(authorizationServerMetadata.getClaims()).hasSize(15);
assertThat(authorizationServerMetadata.getIssuer()).isEqualTo(new URL("https://example.com/issuer1"));
assertThat(authorizationServerMetadata.getAuthorizationEndpoint()).isEqualTo(new URL("https://example.com/issuer1/oauth2/authorize"));
assertThat(authorizationServerMetadata.getTokenEndpoint()).isEqualTo(new URL("https://example.com/issuer1/oauth2/token"));
assertThat(authorizationServerMetadata.getIssuer()).isEqualTo(new URL("https://example.com"));
assertThat(authorizationServerMetadata.getAuthorizationEndpoint()).isEqualTo(new URL("https://example.com/oauth2/authorize"));
assertThat(authorizationServerMetadata.getTokenEndpoint()).isEqualTo(new URL("https://example.com/oauth2/token"));
assertThat(authorizationServerMetadata.getTokenEndpointAuthenticationMethods()).containsExactly(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue());
assertThat(authorizationServerMetadata.getJwkSetUrl()).isEqualTo(new URL("https://example.com/issuer1/oauth2/jwks"));
assertThat(authorizationServerMetadata.getJwkSetUrl()).isEqualTo(new URL("https://example.com/oauth2/jwks"));
assertThat(authorizationServerMetadata.getScopes()).containsExactly("openid");
assertThat(authorizationServerMetadata.getResponseTypes()).containsExactly("code");
assertThat(authorizationServerMetadata.getGrantTypes()).containsExactlyInAnyOrder("authorization_code", "client_credentials");
assertThat(authorizationServerMetadata.getTokenRevocationEndpoint()).isEqualTo(new URL("https://example.com/issuer1/oauth2/revoke"));
assertThat(authorizationServerMetadata.getTokenRevocationEndpoint()).isEqualTo(new URL("https://example.com/oauth2/revoke"));
assertThat(authorizationServerMetadata.getTokenRevocationEndpointAuthenticationMethods()).containsExactly(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue());
assertThat(authorizationServerMetadata.getTokenIntrospectionEndpoint()).isEqualTo(new URL("https://example.com/issuer1/oauth2/introspect"));
assertThat(authorizationServerMetadata.getTokenIntrospectionEndpoint()).isEqualTo(new URL("https://example.com/oauth2/introspect"));
assertThat(authorizationServerMetadata.getTokenIntrospectionEndpointAuthenticationMethods()).containsExactly(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue());
assertThat(authorizationServerMetadata.getCodeChallengeMethods()).containsExactly("S256");
assertThat(authorizationServerMetadata.getClaimAsString("custom_claim")).isEqualTo("value");
@ -159,18 +159,18 @@ public class OAuth2AuthorizationServerMetadataHttpMessageConverterTests { @@ -159,18 +159,18 @@ public class OAuth2AuthorizationServerMetadataHttpMessageConverterTests {
public void writeInternalWhenOAuth2AuthorizationServerMetadataThenSuccess() {
OAuth2AuthorizationServerMetadata authorizationServerMetadata =
OAuth2AuthorizationServerMetadata.builder()
.issuer("https://example.com/issuer1")
.authorizationEndpoint("https://example.com/issuer1/oauth2/authorize")
.tokenEndpoint("https://example.com/issuer1/oauth2/token")
.issuer("https://example.com")
.authorizationEndpoint("https://example.com/oauth2/authorize")
.tokenEndpoint("https://example.com/oauth2/token")
.tokenEndpointAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue())
.jwkSetUrl("https://example.com/issuer1/oauth2/jwks")
.jwkSetUrl("https://example.com/oauth2/jwks")
.scope("openid")
.responseType("code")
.grantType("authorization_code")
.grantType("client_credentials")
.tokenRevocationEndpoint("https://example.com/issuer1/oauth2/revoke")
.tokenRevocationEndpoint("https://example.com/oauth2/revoke")
.tokenRevocationEndpointAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue())
.tokenIntrospectionEndpoint("https://example.com/issuer1/oauth2/introspect")
.tokenIntrospectionEndpoint("https://example.com/oauth2/introspect")
.tokenIntrospectionEndpointAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue())
.codeChallengeMethod("S256")
.claim("custom_claim", "value")
@ -181,17 +181,17 @@ public class OAuth2AuthorizationServerMetadataHttpMessageConverterTests { @@ -181,17 +181,17 @@ public class OAuth2AuthorizationServerMetadataHttpMessageConverterTests {
this.messageConverter.writeInternal(authorizationServerMetadata, outputMessage);
String authorizationServerMetadataResponse = outputMessage.getBodyAsString();
assertThat(authorizationServerMetadataResponse).contains("\"issuer\":\"https://example.com/issuer1\"");
assertThat(authorizationServerMetadataResponse).contains("\"authorization_endpoint\":\"https://example.com/issuer1/oauth2/authorize\"");
assertThat(authorizationServerMetadataResponse).contains("\"token_endpoint\":\"https://example.com/issuer1/oauth2/token\"");
assertThat(authorizationServerMetadataResponse).contains("\"issuer\":\"https://example.com\"");
assertThat(authorizationServerMetadataResponse).contains("\"authorization_endpoint\":\"https://example.com/oauth2/authorize\"");
assertThat(authorizationServerMetadataResponse).contains("\"token_endpoint\":\"https://example.com/oauth2/token\"");
assertThat(authorizationServerMetadataResponse).contains("\"token_endpoint_auth_methods_supported\":[\"client_secret_basic\"]");
assertThat(authorizationServerMetadataResponse).contains("\"jwks_uri\":\"https://example.com/issuer1/oauth2/jwks\"");
assertThat(authorizationServerMetadataResponse).contains("\"jwks_uri\":\"https://example.com/oauth2/jwks\"");
assertThat(authorizationServerMetadataResponse).contains("\"scopes_supported\":[\"openid\"]");
assertThat(authorizationServerMetadataResponse).contains("\"response_types_supported\":[\"code\"]");
assertThat(authorizationServerMetadataResponse).contains("\"grant_types_supported\":[\"authorization_code\",\"client_credentials\"]");
assertThat(authorizationServerMetadataResponse).contains("\"revocation_endpoint\":\"https://example.com/issuer1/oauth2/revoke\"");
assertThat(authorizationServerMetadataResponse).contains("\"revocation_endpoint\":\"https://example.com/oauth2/revoke\"");
assertThat(authorizationServerMetadataResponse).contains("\"revocation_endpoint_auth_methods_supported\":[\"client_secret_basic\"]");
assertThat(authorizationServerMetadataResponse).contains("\"introspection_endpoint\":\"https://example.com/issuer1/oauth2/introspect\"");
assertThat(authorizationServerMetadataResponse).contains("\"introspection_endpoint\":\"https://example.com/oauth2/introspect\"");
assertThat(authorizationServerMetadataResponse).contains("\"introspection_endpoint_auth_methods_supported\":[\"client_secret_basic\"]");
assertThat(authorizationServerMetadataResponse).contains("\"code_challenge_methods_supported\":[\"S256\"]");
assertThat(authorizationServerMetadataResponse).contains("\"custom_claim\":\"value\"");
@ -210,9 +210,9 @@ public class OAuth2AuthorizationServerMetadataHttpMessageConverterTests { @@ -210,9 +210,9 @@ public class OAuth2AuthorizationServerMetadataHttpMessageConverterTests {
MockHttpOutputMessage outputMessage = new MockHttpOutputMessage();
OAuth2AuthorizationServerMetadata authorizationServerMetadata =
OAuth2AuthorizationServerMetadata.builder()
.issuer("https://example.com/issuer1")
.authorizationEndpoint("https://example.com/issuer1/oauth2/authorize")
.tokenEndpoint("https://example.com/issuer1/oauth2/token")
.issuer("https://example.com")
.authorizationEndpoint("https://example.com/oauth2/authorize")
.tokenEndpoint("https://example.com/oauth2/token")
.responseType("code")
.build();

16
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilterTests.java
Unescape View File

@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
/*
* Copyright 2020-2022 the original author or authors.
* Copyright 2020-2023 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -87,7 +87,7 @@ public class OAuth2AuthorizationServerMetadataEndpointFilterTests { @@ -87,7 +87,7 @@ public class OAuth2AuthorizationServerMetadataEndpointFilterTests {
@Test
public void doFilterWhenAuthorizationServerMetadataRequestThenMetadataResponse() throws Exception {
String issuer = "https://example.com/issuer1";
String issuer = "https://example.com";
String authorizationEndpoint = "/oauth2/v1/authorize";
String tokenEndpoint = "/oauth2/v1/token";
String jwkSetEndpoint = "/oauth2/v1/jwks";
@ -116,16 +116,16 @@ public class OAuth2AuthorizationServerMetadataEndpointFilterTests { @@ -116,16 +116,16 @@ public class OAuth2AuthorizationServerMetadataEndpointFilterTests {
assertThat(response.getContentType()).isEqualTo(MediaType.APPLICATION_JSON_VALUE);
String authorizationServerMetadataResponse = response.getContentAsString();
assertThat(authorizationServerMetadataResponse).contains("\"issuer\":\"https://example.com/issuer1\"");
assertThat(authorizationServerMetadataResponse).contains("\"authorization_endpoint\":\"https://example.com/issuer1/oauth2/v1/authorize\"");
assertThat(authorizationServerMetadataResponse).contains("\"token_endpoint\":\"https://example.com/issuer1/oauth2/v1/token\"");
assertThat(authorizationServerMetadataResponse).contains("\"issuer\":\"https://example.com\"");
assertThat(authorizationServerMetadataResponse).contains("\"authorization_endpoint\":\"https://example.com/oauth2/v1/authorize\"");
assertThat(authorizationServerMetadataResponse).contains("\"token_endpoint\":\"https://example.com/oauth2/v1/token\"");
assertThat(authorizationServerMetadataResponse).contains("\"token_endpoint_auth_methods_supported\":[\"client_secret_basic\",\"client_secret_post\",\"client_secret_jwt\",\"private_key_jwt\"]");
assertThat(authorizationServerMetadataResponse).contains("\"jwks_uri\":\"https://example.com/issuer1/oauth2/v1/jwks\"");
assertThat(authorizationServerMetadataResponse).contains("\"jwks_uri\":\"https://example.com/oauth2/v1/jwks\"");
assertThat(authorizationServerMetadataResponse).contains("\"response_types_supported\":[\"code\"]");
assertThat(authorizationServerMetadataResponse).contains("\"grant_types_supported\":[\"authorization_code\",\"client_credentials\",\"refresh_token\"]");
assertThat(authorizationServerMetadataResponse).contains("\"revocation_endpoint\":\"https://example.com/issuer1/oauth2/v1/revoke\"");
assertThat(authorizationServerMetadataResponse).contains("\"revocation_endpoint\":\"https://example.com/oauth2/v1/revoke\"");
assertThat(authorizationServerMetadataResponse).contains("\"revocation_endpoint_auth_methods_supported\":[\"client_secret_basic\",\"client_secret_post\",\"client_secret_jwt\",\"private_key_jwt\"]");
assertThat(authorizationServerMetadataResponse).contains("\"introspection_endpoint\":\"https://example.com/issuer1/oauth2/v1/introspect\"");
assertThat(authorizationServerMetadataResponse).contains("\"introspection_endpoint\":\"https://example.com/oauth2/v1/introspect\"");
assertThat(authorizationServerMetadataResponse).contains("\"introspection_endpoint_auth_methods_supported\":[\"client_secret_basic\",\"client_secret_post\",\"client_secret_jwt\",\"private_key_jwt\"]");
assertThat(authorizationServerMetadataResponse).contains("\"code_challenge_methods_supported\":[\"S256\"]");
}

Write Preview
Loading…
Cancel
Save