diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/OAuth2AuthorizationServerMetadataTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/OAuth2AuthorizationServerMetadataTests.java index f818296f..2c772fb4 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/OAuth2AuthorizationServerMetadataTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/OAuth2AuthorizationServerMetadataTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 the original author or authors. + * Copyright 2020-2023 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -38,43 +38,43 @@ public class OAuth2AuthorizationServerMetadataTests { // @formatter:off private final Builder minimalBuilder = OAuth2AuthorizationServerMetadata.builder() - .issuer("https://example.com/issuer1") - .authorizationEndpoint("https://example.com/issuer1/oauth2/authorize") - .tokenEndpoint("https://example.com/issuer1/oauth2/token") + .issuer("https://example.com") + .authorizationEndpoint("https://example.com/oauth2/authorize") + .tokenEndpoint("https://example.com/oauth2/token") .responseType("code"); // @formatter:on @Test public void buildWhenAllClaimsProvidedThenCreated() { OAuth2AuthorizationServerMetadata authorizationServerMetadata = OAuth2AuthorizationServerMetadata.builder() - .issuer("https://example.com/issuer1") - .authorizationEndpoint("https://example.com/issuer1/oauth2/authorize") - .tokenEndpoint("https://example.com/issuer1/oauth2/token") + .issuer("https://example.com") + .authorizationEndpoint("https://example.com/oauth2/authorize") + .tokenEndpoint("https://example.com/oauth2/token") .tokenEndpointAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue()) - .jwkSetUrl("https://example.com/issuer1/oauth2/jwks") + .jwkSetUrl("https://example.com/oauth2/jwks") .scope("openid") .responseType("code") .grantType("authorization_code") .grantType("client_credentials") - .tokenRevocationEndpoint("https://example.com/issuer1/oauth2/revoke") + .tokenRevocationEndpoint("https://example.com/oauth2/revoke") .tokenRevocationEndpointAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue()) - .tokenIntrospectionEndpoint("https://example.com/issuer1/oauth2/introspect") + .tokenIntrospectionEndpoint("https://example.com/oauth2/introspect") .tokenIntrospectionEndpointAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue()) .codeChallengeMethod("S256") .claim("a-claim", "a-value") .build(); - 
assertThat(authorizationServerMetadata.getIssuer()).isEqualTo(url("https://example.com/issuer1")); - assertThat(authorizationServerMetadata.getAuthorizationEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/authorize")); - assertThat(authorizationServerMetadata.getTokenEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/token")); + assertThat(authorizationServerMetadata.getIssuer()).isEqualTo(url("https://example.com")); + assertThat(authorizationServerMetadata.getAuthorizationEndpoint()).isEqualTo(url("https://example.com/oauth2/authorize")); + assertThat(authorizationServerMetadata.getTokenEndpoint()).isEqualTo(url("https://example.com/oauth2/token")); assertThat(authorizationServerMetadata.getTokenEndpointAuthenticationMethods()).containsExactly(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue()); - assertThat(authorizationServerMetadata.getJwkSetUrl()).isEqualTo(url("https://example.com/issuer1/oauth2/jwks")); + assertThat(authorizationServerMetadata.getJwkSetUrl()).isEqualTo(url("https://example.com/oauth2/jwks")); assertThat(authorizationServerMetadata.getScopes()).containsExactly("openid"); assertThat(authorizationServerMetadata.getResponseTypes()).containsExactly("code"); assertThat(authorizationServerMetadata.getGrantTypes()).containsExactlyInAnyOrder("authorization_code", "client_credentials"); - assertThat(authorizationServerMetadata.getTokenRevocationEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/revoke")); + assertThat(authorizationServerMetadata.getTokenRevocationEndpoint()).isEqualTo(url("https://example.com/oauth2/revoke")); assertThat(authorizationServerMetadata.getTokenRevocationEndpointAuthenticationMethods()).containsExactly(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue()); - assertThat(authorizationServerMetadata.getTokenIntrospectionEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/introspect")); + 
assertThat(authorizationServerMetadata.getTokenIntrospectionEndpoint()).isEqualTo(url("https://example.com/oauth2/introspect")); assertThat(authorizationServerMetadata.getTokenIntrospectionEndpointAuthenticationMethods()).containsExactly(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue()); assertThat(authorizationServerMetadata.getCodeChallengeMethods()).containsExactly("S256"); assertThat(authorizationServerMetadata.getClaimAsString("a-claim")).isEqualTo("a-value"); @@ -83,15 +83,15 @@ public class OAuth2AuthorizationServerMetadataTests { @Test public void buildWhenOnlyRequiredClaimsProvidedThenCreated() { OAuth2AuthorizationServerMetadata authorizationServerMetadata = OAuth2AuthorizationServerMetadata.builder() - .issuer("https://example.com/issuer1") - .authorizationEndpoint("https://example.com/issuer1/oauth2/authorize") - .tokenEndpoint("https://example.com/issuer1/oauth2/token") + .issuer("https://example.com") + .authorizationEndpoint("https://example.com/oauth2/authorize") + .tokenEndpoint("https://example.com/oauth2/token") .responseType("code") .build(); - assertThat(authorizationServerMetadata.getIssuer()).isEqualTo(url("https://example.com/issuer1")); - assertThat(authorizationServerMetadata.getAuthorizationEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/authorize")); - assertThat(authorizationServerMetadata.getTokenEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/token")); + assertThat(authorizationServerMetadata.getIssuer()).isEqualTo(url("https://example.com")); + assertThat(authorizationServerMetadata.getAuthorizationEndpoint()).isEqualTo(url("https://example.com/oauth2/authorize")); + assertThat(authorizationServerMetadata.getTokenEndpoint()).isEqualTo(url("https://example.com/oauth2/token")); assertThat(authorizationServerMetadata.getTokenEndpointAuthenticationMethods()).isNull(); assertThat(authorizationServerMetadata.getJwkSetUrl()).isNull(); assertThat(authorizationServerMetadata.getScopes()).isNull(); 
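Review bot: With every fixture in the hunk at -38 moved from `https://example.com/issuer1` to `https://example.com`, none of the visible tests exercises an issuer identifier with a path component any more; the same holds for the hunks at -83, -107 and -138 in this file and for the converter and endpoint-filter tests further down. RFC 8414 allows a path in the issuer and requires the `issuer` in the metadata to be identical to the identifier the client used, so whether a path-bearing issuer is accepted or rejected is worth pinning. If the production change is meant to drop support, add a test that asserts the rejection; if not, keep one case such as `.issuer("https://example.com/issuer1")` alongside the root one. The production side of this change is not visible here, so the author should confirm which of the two applies.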
@@ -107,29 +107,29 @@ public class OAuth2AuthorizationServerMetadataTests { @Test public void withClaimsWhenClaimsProvidedThenCreated() { HashMap claims = new HashMap<>(); - claims.put(OAuth2AuthorizationServerMetadataClaimNames.ISSUER, "https://example.com/issuer1"); - claims.put(OAuth2AuthorizationServerMetadataClaimNames.AUTHORIZATION_ENDPOINT, "https://example.com/issuer1/oauth2/authorize"); - claims.put(OAuth2AuthorizationServerMetadataClaimNames.TOKEN_ENDPOINT, "https://example.com/issuer1/oauth2/token"); - claims.put(OAuth2AuthorizationServerMetadataClaimNames.JWKS_URI, "https://example.com/issuer1/oauth2/jwks"); + claims.put(OAuth2AuthorizationServerMetadataClaimNames.ISSUER, "https://example.com"); + claims.put(OAuth2AuthorizationServerMetadataClaimNames.AUTHORIZATION_ENDPOINT, "https://example.com/oauth2/authorize"); + claims.put(OAuth2AuthorizationServerMetadataClaimNames.TOKEN_ENDPOINT, "https://example.com/oauth2/token"); + claims.put(OAuth2AuthorizationServerMetadataClaimNames.JWKS_URI, "https://example.com/oauth2/jwks"); claims.put(OAuth2AuthorizationServerMetadataClaimNames.SCOPES_SUPPORTED, Collections.singletonList("openid")); claims.put(OAuth2AuthorizationServerMetadataClaimNames.RESPONSE_TYPES_SUPPORTED, Collections.singletonList("code")); - claims.put(OAuth2AuthorizationServerMetadataClaimNames.REVOCATION_ENDPOINT, "https://example.com/issuer1/oauth2/revoke"); - claims.put(OAuth2AuthorizationServerMetadataClaimNames.INTROSPECTION_ENDPOINT, "https://example.com/issuer1/oauth2/introspect"); + claims.put(OAuth2AuthorizationServerMetadataClaimNames.REVOCATION_ENDPOINT, "https://example.com/oauth2/revoke"); + claims.put(OAuth2AuthorizationServerMetadataClaimNames.INTROSPECTION_ENDPOINT, "https://example.com/oauth2/introspect"); claims.put("some-claim", "some-value"); OAuth2AuthorizationServerMetadata authorizationServerMetadata = OAuth2AuthorizationServerMetadata.withClaims(claims).build(); - 
assertThat(authorizationServerMetadata.getIssuer()).isEqualTo(url("https://example.com/issuer1")); - assertThat(authorizationServerMetadata.getAuthorizationEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/authorize")); - assertThat(authorizationServerMetadata.getTokenEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/token")); + assertThat(authorizationServerMetadata.getIssuer()).isEqualTo(url("https://example.com")); + assertThat(authorizationServerMetadata.getAuthorizationEndpoint()).isEqualTo(url("https://example.com/oauth2/authorize")); + assertThat(authorizationServerMetadata.getTokenEndpoint()).isEqualTo(url("https://example.com/oauth2/token")); assertThat(authorizationServerMetadata.getTokenEndpointAuthenticationMethods()).isNull(); - assertThat(authorizationServerMetadata.getJwkSetUrl()).isEqualTo(url("https://example.com/issuer1/oauth2/jwks")); + assertThat(authorizationServerMetadata.getJwkSetUrl()).isEqualTo(url("https://example.com/oauth2/jwks")); assertThat(authorizationServerMetadata.getScopes()).containsExactly("openid"); assertThat(authorizationServerMetadata.getResponseTypes()).containsExactly("code"); assertThat(authorizationServerMetadata.getGrantTypes()).isNull(); - assertThat(authorizationServerMetadata.getTokenRevocationEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/revoke")); + assertThat(authorizationServerMetadata.getTokenRevocationEndpoint()).isEqualTo(url("https://example.com/oauth2/revoke")); assertThat(authorizationServerMetadata.getTokenRevocationEndpointAuthenticationMethods()).isNull(); - assertThat(authorizationServerMetadata.getTokenIntrospectionEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/introspect")); + assertThat(authorizationServerMetadata.getTokenIntrospectionEndpoint()).isEqualTo(url("https://example.com/oauth2/introspect")); assertThat(authorizationServerMetadata.getTokenIntrospectionEndpointAuthenticationMethods()).isNull(); 
assertThat(authorizationServerMetadata.getCodeChallengeMethods()).isNull(); assertThat(authorizationServerMetadata.getClaimAsString("some-claim")).isEqualTo("some-value"); 
@@ -138,28 +138,28 @@ public class OAuth2AuthorizationServerMetadataTests { @Test public void withClaimsWhenClaimsWithUrlsProvidedThenCreated() { HashMap claims = new HashMap<>(); - claims.put(OAuth2AuthorizationServerMetadataClaimNames.ISSUER, url("https://example.com/issuer1")); - claims.put(OAuth2AuthorizationServerMetadataClaimNames.AUTHORIZATION_ENDPOINT, url("https://example.com/issuer1/oauth2/authorize")); - claims.put(OAuth2AuthorizationServerMetadataClaimNames.TOKEN_ENDPOINT, url("https://example.com/issuer1/oauth2/token")); - claims.put(OAuth2AuthorizationServerMetadataClaimNames.JWKS_URI, url("https://example.com/issuer1/oauth2/jwks")); + claims.put(OAuth2AuthorizationServerMetadataClaimNames.ISSUER, url("https://example.com")); + claims.put(OAuth2AuthorizationServerMetadataClaimNames.AUTHORIZATION_ENDPOINT, url("https://example.com/oauth2/authorize")); + claims.put(OAuth2AuthorizationServerMetadataClaimNames.TOKEN_ENDPOINT, url("https://example.com/oauth2/token")); + claims.put(OAuth2AuthorizationServerMetadataClaimNames.JWKS_URI, url("https://example.com/oauth2/jwks")); claims.put(OAuth2AuthorizationServerMetadataClaimNames.RESPONSE_TYPES_SUPPORTED, Collections.singletonList("code")); - claims.put(OAuth2AuthorizationServerMetadataClaimNames.REVOCATION_ENDPOINT, url("https://example.com/issuer1/oauth2/revoke")); - claims.put(OAuth2AuthorizationServerMetadataClaimNames.INTROSPECTION_ENDPOINT, url("https://example.com/issuer1/oauth2/introspect")); + claims.put(OAuth2AuthorizationServerMetadataClaimNames.REVOCATION_ENDPOINT, url("https://example.com/oauth2/revoke")); + claims.put(OAuth2AuthorizationServerMetadataClaimNames.INTROSPECTION_ENDPOINT, url("https://example.com/oauth2/introspect")); claims.put("some-claim", "some-value"); OAuth2AuthorizationServerMetadata authorizationServerMetadata = OAuth2AuthorizationServerMetadata.withClaims(claims).build(); - assertThat(authorizationServerMetadata.getIssuer()).isEqualTo(url("https://example.com/issuer1")); - 
assertThat(authorizationServerMetadata.getAuthorizationEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/authorize")); - assertThat(authorizationServerMetadata.getTokenEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/token")); + assertThat(authorizationServerMetadata.getIssuer()).isEqualTo(url("https://example.com")); + assertThat(authorizationServerMetadata.getAuthorizationEndpoint()).isEqualTo(url("https://example.com/oauth2/authorize")); + assertThat(authorizationServerMetadata.getTokenEndpoint()).isEqualTo(url("https://example.com/oauth2/token")); assertThat(authorizationServerMetadata.getTokenEndpointAuthenticationMethods()).isNull(); - assertThat(authorizationServerMetadata.getJwkSetUrl()).isEqualTo(url("https://example.com/issuer1/oauth2/jwks")); + assertThat(authorizationServerMetadata.getJwkSetUrl()).isEqualTo(url("https://example.com/oauth2/jwks")); assertThat(authorizationServerMetadata.getScopes()).isNull(); assertThat(authorizationServerMetadata.getResponseTypes()).containsExactly("code"); assertThat(authorizationServerMetadata.getGrantTypes()).isNull(); - assertThat(authorizationServerMetadata.getTokenRevocationEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/revoke")); + assertThat(authorizationServerMetadata.getTokenRevocationEndpoint()).isEqualTo(url("https://example.com/oauth2/revoke")); assertThat(authorizationServerMetadata.getTokenRevocationEndpointAuthenticationMethods()).isNull(); - assertThat(authorizationServerMetadata.getTokenIntrospectionEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/introspect")); + assertThat(authorizationServerMetadata.getTokenIntrospectionEndpoint()).isEqualTo(url("https://example.com/oauth2/introspect")); assertThat(authorizationServerMetadata.getTokenIntrospectionEndpointAuthenticationMethods()).isNull(); assertThat(authorizationServerMetadata.getCodeChallengeMethods()).isNull(); 
assertThat(authorizationServerMetadata.getClaimAsString("some-claim")).isEqualTo("some-value"); diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerMetadataTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerMetadataTests.java index efffaa0a..083f8327 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerMetadataTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerMetadataTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 the original author or authors. + * Copyright 2020-2023 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -65,7 +65,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. @ExtendWith(SpringTestContextExtension.class) public class OAuth2AuthorizationServerMetadataTests { private static final String DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI = "/.well-known/oauth-authorization-server"; - private static final String issuerUrl = "https://example.com/issuer1"; + private static final String ISSUER_URL = "https://example.com"; private static EmbeddedDatabase db; private static JWKSource jwkSource; 
@@ -105,9 +105,9 @@ public class OAuth2AuthorizationServerMetadataTests { public void requestWhenAuthorizationServerMetadataRequestAndIssuerSetThenUsed() throws Exception { this.spring.register(AuthorizationServerConfiguration.class).autowire(); - this.mvc.perform(get(DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI)) + this.mvc.perform(get(ISSUER_URL.concat(DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI))) .andExpect(status().is2xxSuccessful()) - .andExpect(jsonPath("issuer").value(issuerUrl)) + .andExpect(jsonPath("issuer").value(ISSUER_URL)) .andReturn(); } @@ -115,7 +115,7 @@ public class OAuth2AuthorizationServerMetadataTests { public void requestWhenAuthorizationServerMetadataRequestAndIssuerNotSetThenResolveFromRequest() throws Exception { this.spring.register(AuthorizationServerConfigurationWithIssuerNotSet.class).autowire(); - this.mvc.perform(get(DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI)) + this.mvc.perform(get("http://localhost".concat(DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI))) .andExpect(status().is2xxSuccessful()) .andExpect(jsonPath("issuer").value("http://localhost")) .andReturn(); @@ -126,7 +126,7 @@ public class OAuth2AuthorizationServerMetadataTests { public void requestWhenAuthorizationServerMetadataRequestAndMetadataCustomizerSetThenReturnCustomMetadataResponse() throws Exception { this.spring.register(AuthorizationServerConfigurationWithMetadataCustomizer.class).autowire(); - this.mvc.perform(get(DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI)) + this.mvc.perform(get(ISSUER_URL.concat(DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI))) .andExpect(status().is2xxSuccessful()) .andExpect(jsonPath(OAuth2AuthorizationServerMetadataClaimNames.SCOPES_SUPPORTED, hasItems("scope1", "scope2"))); 
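Review bot: In `requestWhenAuthorizationServerMetadataRequestAndIssuerSetThenUsed` the request now goes to `ISSUER_URL.concat(...)`, so the request host and the configured issuer are the same value. The assertion `jsonPath("issuer").value(ISSUER_URL)` would therefore also pass if the issuer were taken from the request instead of from `AuthorizationServerSettings`. The hunk at -126 has the same shape. If the server is now expected to serve metadata only when the request matches the configured issuer, add a companion test that requests the endpoint under a different host and asserts the outcome; otherwise keep one request on a host that differs from `ISSUER_URL`, so the test still proves that the configured value is used. If the match is a requirement, a comment above the `perform` call such as `// request URL must match the configured issuer` would explain why the absolute URL is needed.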
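Review bot: In the hunk at -115, `"http://localhost"` is written twice in `requestWhenAuthorizationServerMetadataRequestAndIssuerNotSetThenResolveFromRequest`: once in the request URL and once in the expected `issuer`. The removed line used a relative path and expected the same value, so this is evidently the default MockMvc host, and the test cannot show that the issuer actually follows the request. Using one distinct, constructed base in both places, e.g. `String requestBase = "https://auth.test.example";`, would demonstrate the resolution. Because the advertised issuer is then derived from request data, this behaviour is worth covering explicitly for deployments that rely on correct host handling behind a proxy.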
@@ -156,7 +156,7 @@ public class OAuth2AuthorizationServerMetadataTests { @Bean AuthorizationServerSettings authorizationServerSettings() { - return AuthorizationServerSettings.builder().issuer(issuerUrl).build(); + return AuthorizationServerSettings.builder().issuer(ISSUER_URL).build(); } } diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/http/converter/OAuth2AuthorizationServerMetadataHttpMessageConverterTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/http/converter/OAuth2AuthorizationServerMetadataHttpMessageConverterTests.java index d0a44799..362dc683 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/http/converter/OAuth2AuthorizationServerMetadataHttpMessageConverterTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/http/converter/OAuth2AuthorizationServerMetadataHttpMessageConverterTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 the original author or authors. + * Copyright 2020-2023 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -62,9 +62,9 @@ public class OAuth2AuthorizationServerMetadataHttpMessageConverterTests { public void readInternalWhenRequiredParametersThenSuccess() throws Exception { // @formatter:off String authorizationServerMetadataResponse = "{\n" - + " \"issuer\": \"https://example.com/issuer1\",\n" - + " \"authorization_endpoint\": \"https://example.com/issuer1/oauth2/authorize\",\n" - + " \"token_endpoint\": \"https://example.com/issuer1/oauth2/token\",\n" + + " \"issuer\": \"https://example.com\",\n" + + " \"authorization_endpoint\": \"https://example.com/oauth2/authorize\",\n" + + " \"token_endpoint\": \"https://example.com/oauth2/token\",\n" + " \"response_types_supported\": [\"code\"]\n" + "}\n"; // @formatter:on @@ -72,9 +72,9 @@ public class OAuth2AuthorizationServerMetadataHttpMessageConverterTests { OAuth2AuthorizationServerMetadata authorizationServerMetadata = this.messageConverter .readInternal(OAuth2AuthorizationServerMetadata.class, response); - assertThat(authorizationServerMetadata.getIssuer()).isEqualTo(new URL("https://example.com/issuer1")); - assertThat(authorizationServerMetadata.getAuthorizationEndpoint()).isEqualTo(new URL("https://example.com/issuer1/oauth2/authorize")); - assertThat(authorizationServerMetadata.getTokenEndpoint()).isEqualTo(new URL("https://example.com/issuer1/oauth2/token")); + assertThat(authorizationServerMetadata.getIssuer()).isEqualTo(new URL("https://example.com")); + assertThat(authorizationServerMetadata.getAuthorizationEndpoint()).isEqualTo(new URL("https://example.com/oauth2/authorize")); + assertThat(authorizationServerMetadata.getTokenEndpoint()).isEqualTo(new URL("https://example.com/oauth2/token")); assertThat(authorizationServerMetadata.getTokenEndpointAuthenticationMethods()).isNull(); assertThat(authorizationServerMetadata.getJwkSetUrl()).isNull(); assertThat(authorizationServerMetadata.getResponseTypes()).containsExactly("code"); 
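Review bot: The rewritten assertions in the hunk at -72 compare with `isEqualTo(new URL("https://example.com"))`, and `java.net.URL.equals` may resolve host names when comparing, so these tests can depend on DNS and network availability. Comparing the string form avoids that, e.g. `assertThat(authorizationServerMetadata.getIssuer().toExternalForm()).isEqualTo("https://example.com");`, assuming the getter returns a `URL` as the current assertion implies. The hunk at -113 in this file uses the same pattern.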
@@ -91,17 +91,17 @@ public class OAuth2AuthorizationServerMetadataHttpMessageConverterTests { public void readInternalWhenValidParametersThenSuccess() throws Exception { // @formatter:off String authorizationServerMetadataResponse = "{\n" - + " \"issuer\": \"https://example.com/issuer1\",\n" - + " \"authorization_endpoint\": \"https://example.com/issuer1/oauth2/authorize\",\n" - + " \"token_endpoint\": \"https://example.com/issuer1/oauth2/token\",\n" + + " \"issuer\": \"https://example.com\",\n" + + " \"authorization_endpoint\": \"https://example.com/oauth2/authorize\",\n" + + " \"token_endpoint\": \"https://example.com/oauth2/token\",\n" + " \"token_endpoint_auth_methods_supported\": [\"client_secret_basic\"],\n" - + " \"jwks_uri\": \"https://example.com/issuer1/oauth2/jwks\",\n" + + " \"jwks_uri\": \"https://example.com/oauth2/jwks\",\n" + " \"scopes_supported\": [\"openid\"],\n" + " \"response_types_supported\": [\"code\"],\n" + " \"grant_types_supported\": [\"authorization_code\", \"client_credentials\"],\n" - + " \"revocation_endpoint\": \"https://example.com/issuer1/oauth2/revoke\",\n" + + " \"revocation_endpoint\": \"https://example.com/oauth2/revoke\",\n" + " \"revocation_endpoint_auth_methods_supported\": [\"client_secret_basic\"],\n" - + " \"introspection_endpoint\": \"https://example.com/issuer1/oauth2/introspect\",\n" + + " \"introspection_endpoint\": \"https://example.com/oauth2/introspect\",\n" + " \"introspection_endpoint_auth_methods_supported\": [\"client_secret_basic\"],\n" + " \"code_challenge_methods_supported\": [\"S256\"],\n" + " \"custom_claim\": \"value\",\n" 
@@ -113,17 +113,17 @@ public class OAuth2AuthorizationServerMetadataHttpMessageConverterTests { .readInternal(OAuth2AuthorizationServerMetadata.class, response); assertThat(authorizationServerMetadata.getClaims()).hasSize(15); - assertThat(authorizationServerMetadata.getIssuer()).isEqualTo(new URL("https://example.com/issuer1")); - assertThat(authorizationServerMetadata.getAuthorizationEndpoint()).isEqualTo(new URL("https://example.com/issuer1/oauth2/authorize")); - assertThat(authorizationServerMetadata.getTokenEndpoint()).isEqualTo(new URL("https://example.com/issuer1/oauth2/token")); + assertThat(authorizationServerMetadata.getIssuer()).isEqualTo(new URL("https://example.com")); + assertThat(authorizationServerMetadata.getAuthorizationEndpoint()).isEqualTo(new URL("https://example.com/oauth2/authorize")); + assertThat(authorizationServerMetadata.getTokenEndpoint()).isEqualTo(new URL("https://example.com/oauth2/token")); assertThat(authorizationServerMetadata.getTokenEndpointAuthenticationMethods()).containsExactly(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue()); - assertThat(authorizationServerMetadata.getJwkSetUrl()).isEqualTo(new URL("https://example.com/issuer1/oauth2/jwks")); + assertThat(authorizationServerMetadata.getJwkSetUrl()).isEqualTo(new URL("https://example.com/oauth2/jwks")); assertThat(authorizationServerMetadata.getScopes()).containsExactly("openid"); assertThat(authorizationServerMetadata.getResponseTypes()).containsExactly("code"); assertThat(authorizationServerMetadata.getGrantTypes()).containsExactlyInAnyOrder("authorization_code", "client_credentials"); - assertThat(authorizationServerMetadata.getTokenRevocationEndpoint()).isEqualTo(new URL("https://example.com/issuer1/oauth2/revoke")); + assertThat(authorizationServerMetadata.getTokenRevocationEndpoint()).isEqualTo(new URL("https://example.com/oauth2/revoke")); 
assertThat(authorizationServerMetadata.getTokenRevocationEndpointAuthenticationMethods()).containsExactly(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue()); - assertThat(authorizationServerMetadata.getTokenIntrospectionEndpoint()).isEqualTo(new URL("https://example.com/issuer1/oauth2/introspect")); + assertThat(authorizationServerMetadata.getTokenIntrospectionEndpoint()).isEqualTo(new URL("https://example.com/oauth2/introspect")); assertThat(authorizationServerMetadata.getTokenIntrospectionEndpointAuthenticationMethods()).containsExactly(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue()); assertThat(authorizationServerMetadata.getCodeChallengeMethods()).containsExactly("S256"); assertThat(authorizationServerMetadata.getClaimAsString("custom_claim")).isEqualTo("value"); 
@@ -159,18 +159,18 @@ public class OAuth2AuthorizationServerMetadataHttpMessageConverterTests { public void writeInternalWhenOAuth2AuthorizationServerMetadataThenSuccess() { OAuth2AuthorizationServerMetadata authorizationServerMetadata = OAuth2AuthorizationServerMetadata.builder() - .issuer("https://example.com/issuer1") - .authorizationEndpoint("https://example.com/issuer1/oauth2/authorize") - .tokenEndpoint("https://example.com/issuer1/oauth2/token") + .issuer("https://example.com") + .authorizationEndpoint("https://example.com/oauth2/authorize") + .tokenEndpoint("https://example.com/oauth2/token") .tokenEndpointAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue()) - .jwkSetUrl("https://example.com/issuer1/oauth2/jwks") + .jwkSetUrl("https://example.com/oauth2/jwks") .scope("openid") .responseType("code") .grantType("authorization_code") .grantType("client_credentials") - .tokenRevocationEndpoint("https://example.com/issuer1/oauth2/revoke") + .tokenRevocationEndpoint("https://example.com/oauth2/revoke") .tokenRevocationEndpointAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue()) - .tokenIntrospectionEndpoint("https://example.com/issuer1/oauth2/introspect") + .tokenIntrospectionEndpoint("https://example.com/oauth2/introspect") .tokenIntrospectionEndpointAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue()) .codeChallengeMethod("S256") .claim("custom_claim", "value") 
@@ -181,17 +181,17 @@ public class OAuth2AuthorizationServerMetadataHttpMessageConverterTests { this.messageConverter.writeInternal(authorizationServerMetadata, outputMessage); String authorizationServerMetadataResponse = outputMessage.getBodyAsString(); - assertThat(authorizationServerMetadataResponse).contains("\"issuer\":\"https://example.com/issuer1\""); - assertThat(authorizationServerMetadataResponse).contains("\"authorization_endpoint\":\"https://example.com/issuer1/oauth2/authorize\""); - assertThat(authorizationServerMetadataResponse).contains("\"token_endpoint\":\"https://example.com/issuer1/oauth2/token\""); + assertThat(authorizationServerMetadataResponse).contains("\"issuer\":\"https://example.com\""); + assertThat(authorizationServerMetadataResponse).contains("\"authorization_endpoint\":\"https://example.com/oauth2/authorize\""); + assertThat(authorizationServerMetadataResponse).contains("\"token_endpoint\":\"https://example.com/oauth2/token\""); assertThat(authorizationServerMetadataResponse).contains("\"token_endpoint_auth_methods_supported\":[\"client_secret_basic\"]"); - assertThat(authorizationServerMetadataResponse).contains("\"jwks_uri\":\"https://example.com/issuer1/oauth2/jwks\""); + assertThat(authorizationServerMetadataResponse).contains("\"jwks_uri\":\"https://example.com/oauth2/jwks\""); assertThat(authorizationServerMetadataResponse).contains("\"scopes_supported\":[\"openid\"]"); assertThat(authorizationServerMetadataResponse).contains("\"response_types_supported\":[\"code\"]"); assertThat(authorizationServerMetadataResponse).contains("\"grant_types_supported\":[\"authorization_code\",\"client_credentials\"]"); - assertThat(authorizationServerMetadataResponse).contains("\"revocation_endpoint\":\"https://example.com/issuer1/oauth2/revoke\""); + assertThat(authorizationServerMetadataResponse).contains("\"revocation_endpoint\":\"https://example.com/oauth2/revoke\""); 
assertThat(authorizationServerMetadataResponse).contains("\"revocation_endpoint_auth_methods_supported\":[\"client_secret_basic\"]"); - assertThat(authorizationServerMetadataResponse).contains("\"introspection_endpoint\":\"https://example.com/issuer1/oauth2/introspect\""); + assertThat(authorizationServerMetadataResponse).contains("\"introspection_endpoint\":\"https://example.com/oauth2/introspect\""); assertThat(authorizationServerMetadataResponse).contains("\"introspection_endpoint_auth_methods_supported\":[\"client_secret_basic\"]"); assertThat(authorizationServerMetadataResponse).contains("\"code_challenge_methods_supported\":[\"S256\"]"); assertThat(authorizationServerMetadataResponse).contains("\"custom_claim\":\"value\""); @@ -210,9 +210,9 @@ public class OAuth2AuthorizationServerMetadataHttpMessageConverterTests { MockHttpOutputMessage outputMessage = new MockHttpOutputMessage(); OAuth2AuthorizationServerMetadata authorizationServerMetadata = OAuth2AuthorizationServerMetadata.builder() - .issuer("https://example.com/issuer1") - .authorizationEndpoint("https://example.com/issuer1/oauth2/authorize") - .tokenEndpoint("https://example.com/issuer1/oauth2/token") + .issuer("https://example.com") + .authorizationEndpoint("https://example.com/oauth2/authorize") + .tokenEndpoint("https://example.com/oauth2/token") .responseType("code") .build(); diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilterTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilterTests.java index b68f077d..5c0b0968 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilterTests.java 
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilterTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 the original author or authors. + * Copyright 2020-2023 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -87,7 +87,7 @@ public class OAuth2AuthorizationServerMetadataEndpointFilterTests { @Test public void doFilterWhenAuthorizationServerMetadataRequestThenMetadataResponse() throws Exception { - String issuer = "https://example.com/issuer1"; + String issuer = "https://example.com"; String authorizationEndpoint = "/oauth2/v1/authorize"; String tokenEndpoint = "/oauth2/v1/token"; String jwkSetEndpoint = "/oauth2/v1/jwks"; 
@@ -116,16 +116,16 @@ public class OAuth2AuthorizationServerMetadataEndpointFilterTests { assertThat(response.getContentType()).isEqualTo(MediaType.APPLICATION_JSON_VALUE); String authorizationServerMetadataResponse = response.getContentAsString(); - assertThat(authorizationServerMetadataResponse).contains("\"issuer\":\"https://example.com/issuer1\""); - assertThat(authorizationServerMetadataResponse).contains("\"authorization_endpoint\":\"https://example.com/issuer1/oauth2/v1/authorize\""); - assertThat(authorizationServerMetadataResponse).contains("\"token_endpoint\":\"https://example.com/issuer1/oauth2/v1/token\""); + assertThat(authorizationServerMetadataResponse).contains("\"issuer\":\"https://example.com\""); + assertThat(authorizationServerMetadataResponse).contains("\"authorization_endpoint\":\"https://example.com/oauth2/v1/authorize\""); + assertThat(authorizationServerMetadataResponse).contains("\"token_endpoint\":\"https://example.com/oauth2/v1/token\""); assertThat(authorizationServerMetadataResponse).contains("\"token_endpoint_auth_methods_supported\":[\"client_secret_basic\",\"client_secret_post\",\"client_secret_jwt\",\"private_key_jwt\"]"); - assertThat(authorizationServerMetadataResponse).contains("\"jwks_uri\":\"https://example.com/issuer1/oauth2/v1/jwks\""); + assertThat(authorizationServerMetadataResponse).contains("\"jwks_uri\":\"https://example.com/oauth2/v1/jwks\""); assertThat(authorizationServerMetadataResponse).contains("\"response_types_supported\":[\"code\"]"); assertThat(authorizationServerMetadataResponse).contains("\"grant_types_supported\":[\"authorization_code\",\"client_credentials\",\"refresh_token\",\"urn:ietf:params:oauth:grant-type:device_code\"]"); - assertThat(authorizationServerMetadataResponse).contains("\"revocation_endpoint\":\"https://example.com/issuer1/oauth2/v1/revoke\""); + assertThat(authorizationServerMetadataResponse).contains("\"revocation_endpoint\":\"https://example.com/oauth2/v1/revoke\""); 
assertThat(authorizationServerMetadataResponse).contains("\"revocation_endpoint_auth_methods_supported\":[\"client_secret_basic\",\"client_secret_post\",\"client_secret_jwt\",\"private_key_jwt\"]"); - assertThat(authorizationServerMetadataResponse).contains("\"introspection_endpoint\":\"https://example.com/issuer1/oauth2/v1/introspect\""); + assertThat(authorizationServerMetadataResponse).contains("\"introspection_endpoint\":\"https://example.com/oauth2/v1/introspect\""); assertThat(authorizationServerMetadataResponse).contains("\"introspection_endpoint_auth_methods_supported\":[\"client_secret_basic\",\"client_secret_post\",\"client_secret_jwt\",\"private_key_jwt\"]"); assertThat(authorizationServerMetadataResponse).contains("\"code_challenge_methods_supported\":[\"S256\"]"); }