|
|
|
@ -1,5 +1,5 @@ |
|
|
|
/* |
|
|
|
/* |
|
|
|
* Copyright 2020-2024 the original author or authors. |
|
|
|
* Copyright 2020-2025 the original author or authors. |
|
|
|
* |
|
|
|
* |
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License"); |
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License"); |
|
|
|
* you may not use this file except in compliance with the License. |
|
|
|
* you may not use this file except in compliance with the License. |
|
|
|
@ -510,10 +510,7 @@ public class OidcClientRegistrationTests { |
|
|
|
assertThat(registeredClient.getClientSettings().<String>getSetting("non-registered-custom-metadata")).isNull(); |
|
|
|
assertThat(registeredClient.getClientSettings().<String>getSetting("non-registered-custom-metadata")).isNull(); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
// gh-2111
|
|
|
|
* Scenario to validate that if there's a customization that sets client secret expiration date, then the date |
|
|
|
|
|
|
|
* is persisted and returned in the registration response |
|
|
|
|
|
|
|
*/ |
|
|
|
|
|
|
|
@Test |
|
|
|
@Test |
|
|
|
public void requestWhenClientRegistersWithSecretExpirationThenClientRegistrationResponse() throws Exception { |
|
|
|
public void requestWhenClientRegistersWithSecretExpirationThenClientRegistrationResponse() throws Exception { |
|
|
|
this.spring.register(ClientSecretExpirationConfiguration.class).autowire(); |
|
|
|
this.spring.register(ClientSecretExpirationConfiguration.class).autowire(); |
|
|
|
@ -535,19 +532,16 @@ public class OidcClientRegistrationTests { |
|
|
|
TemporalUnitWithinOffset allowedDelta = new TemporalUnitWithinOffset(1, ChronoUnit.MINUTES); |
|
|
|
TemporalUnitWithinOffset allowedDelta = new TemporalUnitWithinOffset(1, ChronoUnit.MINUTES); |
|
|
|
|
|
|
|
|
|
|
|
// Returned response contains expiration date
|
|
|
|
// Returned response contains expiration date
|
|
|
|
assertThat(clientRegistrationResponse.getClientSecretExpiresAt()) |
|
|
|
assertThat(clientRegistrationResponse.getClientSecretExpiresAt()).isNotNull() |
|
|
|
.isNotNull() |
|
|
|
.isCloseTo(expectedSecretExpiryDate, allowedDelta); |
|
|
|
.isCloseTo(expectedSecretExpiryDate, allowedDelta); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
RegisteredClient registeredClient = this.registeredClientRepository |
|
|
|
RegisteredClient registeredClient = this.registeredClientRepository |
|
|
|
.findByClientId(clientRegistrationResponse.getClientId()); |
|
|
|
.findByClientId(clientRegistrationResponse.getClientId()); |
|
|
|
|
|
|
|
|
|
|
|
// Persisted RegisteredClient contains expiration date
|
|
|
|
// Persisted RegisteredClient contains expiration date
|
|
|
|
assertThat(registeredClient) |
|
|
|
assertThat(registeredClient).isNotNull(); |
|
|
|
.isNotNull(); |
|
|
|
assertThat(registeredClient.getClientSecretExpiresAt()).isNotNull() |
|
|
|
assertThat(registeredClient.getClientSecretExpiresAt()) |
|
|
|
.isCloseTo(expectedSecretExpiryDate, allowedDelta); |
|
|
|
.isNotNull() |
|
|
|
|
|
|
|
.isCloseTo(expectedSecretExpiryDate, allowedDelta); |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
private OidcClientRegistration registerClient(OidcClientRegistration clientRegistration) throws Exception { |
|
|
|
private OidcClientRegistration registerClient(OidcClientRegistration clientRegistration) throws Exception { |
|
|
|
@ -899,24 +893,26 @@ public class OidcClientRegistrationTests { |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
/** |
|
|
|
* This customization adds client secret expiration time by setting {@code RegisteredClient.clientSecretExpiresAt} |
|
|
|
* This customization adds client secret expiration time by setting |
|
|
|
* during {@code OidcClientRegistration} -> {@code RegisteredClient} conversion |
|
|
|
* {@code RegisteredClient.clientSecretExpiresAt} during |
|
|
|
|
|
|
|
* {@code OidcClientRegistration} -> {@code RegisteredClient} conversion |
|
|
|
*/ |
|
|
|
*/ |
|
|
|
private static final class ClientSecretExpirationRegisteredClientConverter |
|
|
|
private static final class ClientSecretExpirationRegisteredClientConverter |
|
|
|
implements Converter<OidcClientRegistration, RegisteredClient> { |
|
|
|
implements Converter<OidcClientRegistration, RegisteredClient> { |
|
|
|
|
|
|
|
|
|
|
|
private static final OidcClientRegistrationRegisteredClientConverter delegate = |
|
|
|
private static final OidcClientRegistrationRegisteredClientConverter delegate = new OidcClientRegistrationRegisteredClientConverter(); |
|
|
|
new OidcClientRegistrationRegisteredClientConverter(); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@Override |
|
|
|
@Override |
|
|
|
public RegisteredClient convert(OidcClientRegistration clientRegistration) { |
|
|
|
public RegisteredClient convert(OidcClientRegistration clientRegistration) { |
|
|
|
RegisteredClient registeredClient = delegate.convert(clientRegistration); |
|
|
|
RegisteredClient registeredClient = delegate.convert(clientRegistration); |
|
|
|
var registeredClientBuilder = RegisteredClient.from(registeredClient); |
|
|
|
RegisteredClient.Builder registeredClientBuilder = RegisteredClient.from(registeredClient); |
|
|
|
|
|
|
|
|
|
|
|
var clientSecretExpiresAt = Instant.now().plus(Duration.ofHours(24)); |
|
|
|
Instant clientSecretExpiresAt = Instant.now().plus(Duration.ofHours(24)); |
|
|
|
registeredClientBuilder.clientSecretExpiresAt(clientSecretExpiresAt); |
|
|
|
registeredClientBuilder.clientSecretExpiresAt(clientSecretExpiresAt); |
|
|
|
|
|
|
|
|
|
|
|
return registeredClientBuilder.build(); |
|
|
|
return registeredClientBuilder.build(); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
} |
|
|
|
} |
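Review bot: In `ClientSecretExpirationRegisteredClientConverter.convert` the expiry is still computed as `Instant.now().plus(Duration.ofHours(24))` on every call, so the assertions in `requestWhenClientRegistersWithSecretExpirationThenClientRegistrationResponse` can only use `isCloseTo(expectedSecretExpiryDate, allowedDelta)` with a one-minute window and would not notice a small drift or precision loss between the value set, the value persisted and the value returned. A fixed value shared by the converter and the test, such as `private static final Instant CLIENT_SECRET_EXPIRES_AT = Instant.now().plus(Duration.ofHours(24)).truncatedTo(ChronoUnit.SECONDS);`, would allow `isEqualTo(CLIENT_SECRET_EXPIRES_AT)` in both checks, assuming the repository and the registration response keep second precision. Where `expectedSecretExpiryDate` is computed lies outside the visible hunks, so this should be confirmed against the full method. The test also covers only storage and echo of the expiry; if no other test shows that client authentication refuses a secret after `clientSecretExpiresAt`, that case is worth adding alongside this one.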
|
|
|
|